Coldfusion 11 - Web Sockets via SSL

Help!
I can't seem to figure out how to handle WSS (Websockets over SSL). I have a cert that has already been sent/received by verifier. I have a cert and an intermediate cert. I've been looking at documentation and from what I've gathered i need to add the certs to the "keystore". I issued a command like this ->>> D:\CF11\jre\bin\keytool -import -v -alias myCert-cert -file myCert.cer -keystore D:\CF11\jre\lib\security\cacerts -storepass changeit <-- I see the cert is added. And if list the keystore i see the number of certs increased by one. I then enable the SSL WS, use default port (built in server.. not proxied), and point it to the keystore D:\CF11\jre\lib\security\cacerts and for pass i simply use the default changeit.... I've modified my cfcode to have the secure="true" attribute. So I think everything is setup correctly ....but... when i goto the webpage the web socket will try to connect then simply not connect (Firebug says the connection was refused) (The code works fine removing the secure attribute and accessing via http) ... So i guess i'm not sure exactly what i should be doing. Can i use the same cert that I had created via IIS. The cert looks valid. Also further more i see nothing showing up in the log files.. I see a log called WebSocket.log but the size is 0 and nothing is being thrown in the exception log either.. I'm completely confused.

Hi Sharma,
I also sent you a note directly via email (see below). I am having a similar issue to Prem without resolution.
Our CF11 server configuration:
Windows 2012 Server R2
IIS 8
We have a *.balboadigital.com registered RapidSSL certificate installed on our server which resolves to https://dev.balboadigital.com on this particular development box. I've been unable to locate any online resources which would show me how to utilize this certificate for websockets within CF11. Due to this, I was happy to find your reference to try a self-signed certificate. I followed your instructions. Here is the breakdown:
1. I generated the keystore per your instructions which created the websocket.crt file.
2. The CF server XML was uncommented and updated to:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
                keystoreFile="C:\ColdFusion11\jre\bin\websocket.crt" keystorePass="[my password]"/>
3. I restarted the CF11 Application Windows service.
4. The "Use Built-In WebSocket Server" radio button was selected with PORT: 8575 for non-SLL and PORT: 8543 for SSL as defaults. The KeyStore was set to "C:/ColdFusion11/jre/bin/websocket.crt" and the KeyStore Password to "[MyPassword]" and changes posted.
5. I restarted the CF11 Application Windows service.
6. I then ran a test web page: https://dev.balboadigital.com/admin/websocket/index_withssl.cfm (this is live for you to test)
Application.cfc
<CFCOMPONENT>
    <CFSCRIPT>
    this.name = "balboa";
    this.wschannels = [{name="phone"}];
    </CFSCRIPT>
</CFCOMPONENT>
index_withSSL.cfm
<script type="text/javascript">
    function mymessagehandler(atoken)
        if (atoken.data != null) {
            var message = ColdFusion.JSON.encode(atoken.data);
            var txt = document.getElementById("myDiv");
            txt.innerHTML += message + "<br>";
    function publishmessage()
        var msg = document.getElementById("message").value;
        mycfwebsocketobject.publish("phone.4",msg );
</script>
<cfwebsocket name="mycfwebsocketobject" onmessage="mymessagehandler" subscribeto="phone" secure="true">
"Phone" Message: <input id ="message" type="text" > <input type="button" onclick="publishmessage();" value="Publish Message"><br />
<cfdiv id="myDiv"></cfdiv>
The test fails and returns the following from the Google Chrome Console:
WebSocket connection to 'wss://dev.balboadigital.com:8543/cfusion/cfusion' failed: WebSocket opening handshake was canceled
7. The script was copied and modified to eliminate SSL as follows: http://dev.balboadigital.com/admin/websocket/index_nossl.cfm (this is live for you to test)
index_nossl.cfm
<script type="text/javascript">
    function mymessagehandler(atoken)
        if (atoken.data != null) {
            var message = ColdFusion.JSON.encode(atoken.data);
            var txt = document.getElementById("myDiv");
            txt.innerHTML += message + "<br>";
    function publishmessage()
        var msg = document.getElementById("message").value;
        mycfwebsocketobject.publish("phone",msg );
</script>
<cfwebsocket name="mycfwebsocketobject" onmessage="mymessagehandler" subscribeto="phone">
"Phone" Message: <input id ="message" type="text" > <input type="button" onclick="publishmessage();" value="Publish Message"><br />
<cfdiv id="myDiv"></cfdiv>
This test passes and works as expected, but no SSL.
Please advise as our application absolutely requires that SSL is working for us.
Thanks,
Kevin

Similar Messages

Calling web service via SSL

Hi,
I do not succeed in calling a web service via SSL from within a Web Dynpro application.
Current settings of my logical port:
Target Address: https://...
Authentication: HTTP authentication, basic (username/password)
I do call methods _setUser and _setPassword to set userid and password before calling method execute() of my modelclass.
On calling method execute(), I get message "Connection closed by remote host".
Any suggestions ?
Many thanks.
Jorgen

Can you check the following?
1) Did you install the SAP Cryptographic toolkit for Java available from service.sap.com?
2) Did you install the "Java Cryptography Extension (JCE)
Unlimited Strength Jurisdiction Policy Files 1.4.2". For Sun they are available here: http://java.sun.com/j2se/1.4.2/download.html (last item on page)
3) How is the SSL server configured? Does it require client authentication? In this case you must send a client certificate.

Consuming a Web Service via SSL with Basic Authentication

Hello,
I have a simple web service (returns a parameter value) and want to consume it. Therefore I have generated a proxy for its in Netweaver Studio SP13.
When I set up the web service to be accessed via HTTP and Basic Authentication (Username/Password), everything is fine. When I set up the web service to communicate via HTTPS, I get the following error message in my client:
java.rmi.RemoteException: Service call exception; nested exception is:
     java.lang.NullPointerException
     at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:87)
     at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:96)
     at priv.se.wsclient.MultiSecSSL.main(MultiSecSSL.java:38)
Caused by: java.lang.NullPointerException
     at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.disconnect(HTTPSocket.java:625)
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.closeSession(HTTPTransport.java:396)
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1312)
     at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:80)
     ... 2 more
Testing the web service with WebServiceNavigator and/or by using a generated WebDynpro Client results in the following error:
000D604C66BE004E0000001300000AFC00040922E0160632 : An error occurred during processing the timestamp. The error was: com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..
But my main focus is on the client implementation based on a proxy. Here comes the client's code:
public class MultiSecSSL {
    public static void main(String[] args) {
        try {
            MultiSecuritySSLAuthImpl serviceInterface = new MultiSecuritySSLAuthImpl();
            SSLBindingStub service = (SSLBindingStub)serviceInterface.getLogicalPort(MultiSecuritySSLAuthViDocument.class);
            SecurityProtocol protocol = (SecurityProtocol) service._getGlobalProtocols().getProtocol("SecurityProtocol");
            AuthenticationContext auth = protocol.getAuthenticationContext();
            auth.setIgnoreSSLServerCertificate(true);
            auth.setUsername("cfpcompany");
            auth.setPassword("demo");
            String ret = service.pingText("Called service MultiSecurity via SSL");
            System.out.println(ret);
        } catch (Exception e) {
             e.printStackTrace(System.out);
Here comes the logical port information of the generated proxy:
<?xml version="1.0" encoding="UTF-8"?>
<LogicalPorts Name='MultiSecuritySSLAuth' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuth'>
<LogicalPort Name='SSLPort_Document' Endpoint='https://192.168.129.76:50001/MultiSecuritySSLAuth/SSL?style=document' BindingName='SSLBinding' BindingUri='urn:MultiSecuritySSLAuthWsd/SSL/document' BindingImplementation='SOAP 1.1 HTTP Binding with Attachments' StubName='priv.senw04.wsproxy.multisec_ssl.SSLBindingStub' Default='true' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuthViDocument' Original='true' Valid='true'>
    <globalFeatures>
      <Feature Name='http://www.sap.com/webas/630/soap/features/headers/' Provider='SoapHeadersProtocol' Original='false'>
      </Feature>
      <Feature Name='http://www.sap.com/webas/630/soap/features/session/' Provider='SessionProtocol' Original='false'>
        <Property Name='SessionMethod' Value='httpCookies'>
        </Property>
      </Feature>
      <Feature Name='http://www.sap.com/webas/630/soap/features/authentication' Provider='SecurityProtocol' Original='true'>
        <Property Name='AuthenticationLevel' Value='None'>
        </Property>
        <Property Name='AuthenticationMechanism' Value='HTTP'>
        </Property>
        <Property Name='AuthenticationMethod' Value='BasicAuth'>
        </Property>
        <Property Name='SupportsSSO2Authentication' Value='false'>
        </Property>
      </Feature>
      <Feature Name='http://www.sap.com/webas/630/soap/features/transportguarantee' Original='true'>
        <Property Name='Level' Value='No'>
        </Property>
        <Property Name='TLSType' Value='SSL'>
        </Property>
      </Feature>
    </globalFeatures>
    <localFeatures>
      <Operation Name='pingText'>
        <Feature Name='http://www.sap.com/webas/630/soap/features/wss' Original='true'>
          <Property Name='RequestPolicy' Value='Signature'>
          </Property>
          <Property Name='ResponsePolicy' Value='None'>
          </Property>
        </Feature>
        <Feature Name='http://sap.com/webservices/authorization' Original='true'>
        </Feature>
      </Operation>
    </localFeatures>
</LogicalPort>
</LogicalPorts>
To me, this looks consistent. Any idea, what is misconfigured on my machine ?

Hi Martin,
that is exactly, what I did.
- Change Web Service Configuration in IDE
- Build and Deploy the Service to my local Server
- Check Service in Visual Administrator
- Deleted and Regenerated the Standalone Proxy
- Deleted and Recreated the link between CLient and Proxy Project in IDE
- Started Client
Here comes the section of the ws-deployment-descriptor.xml of the service. For me, it matches, what the proxy generated.
<webservice>
    <guid>ed8363_10876a54b6d__7fe9_192_168_129_76_1135862193037</guid>
    <ejb-name-temp>MultiSecWSBean</ejb-name-temp>
    <webservice-name>
      <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
      <localName>MultiSecuritySSLAuth</localName>
    </webservice-name>
    <webservice-internal-name>MultiSecuritySSLAuth</webservice-internal-name>
    <standard-namespaceURI>urn:MultiSecuritySSLAuthWsd</standard-namespaceURI>
    <ws-configuration>
      <configuration-name>SSL</configuration-name>
      <ejb-name>MultiSecWSBean</ejb-name>
      <service-endpoint-name>
        <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
        <localName>SSLPort</localName>
      </service-endpoint-name>
      <wsdl-porttype-name>
        <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
        <localName>MultiSecuritySSLAuthVi</localName>
      </wsdl-porttype-name>
      <webservice-definition-ref>
        <package>com.technidata.cfp.i3rdparty.cfpxml</package>
        <name>MultiSecuritySSLAuthWsd.wsdef</name>
      </webservice-definition-ref>
      <service-endpoint-vi-ref>
        <package>com.technidata.cfp.i3rdparty.cfpxml</package>
        <name>MultiSecuritySSLAuthVi.videf</name>
      </service-endpoint-vi-ref>
      <transport-binding name="SOAPHTTP_TransportBinding">
        <wsdl-binding-name>
          <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
          <localName>SSLBinding</localName>
        </wsdl-binding-name>
      </transport-binding>
      <transport-address>/MultiSecuritySSLAuth/SSL</transport-address>
      <global-features>
        <feature name="http://www.sap.com/webas/630/soap/features/transportguarantee" protocol="SecurityProtocol">
          <property name="TLSType" value="SSL"/>
        </feature>
        <feature name="http://www.sap.com/webas/630/soap/features/authorization" protocol="SecurityProtocol"/>
        <feature name="http://www.sap.com/webas/630/soap/features/authentication" protocol="SecurityProtocol">
          <property name="AuthenticationMethod" value="BasicAuth"/>
          <property name="AuthenticationMechanism" value="HTTP"/>
          <property name="SupportsSSO2Authentication" value="false"/>
        </feature>
      </global-features>
      <operation-configuration uniqueViName="pingText(java.lang.String)">
        <transport-binding-configuration>
          <input>
            <property name="soapAction" value=""/>
            <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
          </input>
          <output>
            <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
          </output>
        </transport-binding-configuration>
        <feature name="http://www.sap.com/webas/630/soap/features/wss" protocol="SecurityProtocol">
          <property name="RequestPolicy" value="None"/>
          <property name="ResponsePolicy" value="None"/>
        </feature>
        <feature name="http://sap.com/webservices/authorization" protocol="SecurityProtocol">
          <property name="security-roles">
            <property name="role1" value="use_multisec_service"/>
          </property>
        </feature>
      </operation-configuration>
    </ws-configuration>
</webservice>
Regards,
Stefan

WWSAPI - Cannot connect to web service via SSL and HTTP proxy authentication with NTLM, errorCode 0x803d0016, HTTP status 407

Hi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
Thanks

Hi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
Thanks

WebDynpro Consuming a Web Service via SSL (https)

Hello dovelopers,
i want to consume a Web Service in a WebDynpro Application via https.
can anybody give me a few links to pdfs etc.
Thank You
Michel

Try this:
Are you trying to create https trust relation ship between two SAP Portals or SAP Portal to Non Sap Portal?
Help on How to Consume a Web Service in SAP Portal?
http://help.sap.com/saphelp_nw04/helpdata/en/f5/30c5aca7f92f418d889b99ccc9ee08/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/df/a08340d990ce62e10000000a155106/content.htm
http://www.sapportalguide.com/web_services.html
Here the documents helps you how to integreate https authentication betweeen two portals:
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/2235260b413fe1e10000000a11466f/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/62/881e3e3986f701e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/14/29236de1864c6e8d46e77192adaa95/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/d3/41c8efb31d11d5993800508b6b8b11/frameset.htm
Thanks
Krishna

Java Web Start and SSL

I have an AP designed as a Java Web Start program,
and I want it to connect to a web service via SSL.
I know how to do that in a normal AP. Just add a property like :
System.setProperty("javax.net.ssl.trustStore","my.keystore");
But since a JAWS program is downloaded from server, and don't have a my.keystore on local file system. I can't set a property that way. Is anyone know how to deal with this?
Can a signed jar file help?
Thanx in advance.

We had the same problem. There's basically two ways around this. One is extremely easy and the other is a pain.
easy: Use a CA certificate on the web server (Verisign, thawte etc.). All java applications already have a keystore (cacerts) that recognizes
these CAs. This keystore will be used when the cert on the server is a CA. Only drawback - $250 or so for the cert.
painful: Programmatically extract your personal certificate keystore from the deployed client jar. Also programmatically apply it to your SSL handler. Basically - you have to code what's done in a regular App simply by "javax.net.truststore=keyfile". I didn't explore this option
too much as the easy option was viable.

Calling a web service through SSL via a stand alone java class

HI,
I am trying to call a web service through SSL via a simple stand alone java client.
I have imported the SSL certificate in my keystore by using the keytool -import command.
Basically I want to add a user to a group on the server. Say I add a user user 1 to group group 1 using an admin userid and password. All these values are set in an xml file which I send to the server while calling the server. I pass the web service URL, the soap action name and the xml to post as the command line arguments to the java client.
My xml file(Add.xml) that is posted looks like :
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:xsi = "http://www.w3.org/1999/XMLSchema-instance"
xmlns:SOAP-ENC = "http://schemas.xmlsoap.org/soap/encoding/"
xmlns:SOAP-ENV = "http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd = "http://www.w3.org/1999/XMLSchema"
SOAP-ENV:encodingStyle = "http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<namesp1:modifyGroupOperation xmlns:namesp1 = "/services/modifyGroup/modifyGroupOp">
<auth>
<user>adminUser</user>
<password>adminPassword</password>
</auth>
<operationType>ADD</operationType>
<groupName>group1</groupName>
<users>
<userName>user1</userName>
</users>
</namesp1:modifyGroupOperation>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I call the client as:
java PostXML https://com.webservice.com/services/modifyGroup "/services/modifyGroup/modifyGroupOp" Add.xml
I my client, I have set the following:
System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
But when I try to execute the java client, I get the following error:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
main, setSoTimeout(0) called
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: .....
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
[Raw read]: length = 5
[Raw read]: length = 58
main, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 58
[Raw read]: length = 5
[Raw read]: length = 5530
main, READ: TLSv1 Handshake, length = 5530
*** Certificate chain
chain [0] = ...
chain [1] = ...
chain [2] = ...
chain [3] = ...
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.c
ertpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2110)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1088)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at PostXML.main(PostXML.java:111)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find v
alid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 23 more
I do not know where I have gone wrong. Could someone point out my mistake.
Thanks In advance!

Hi jazz123,
There's an example in the [*Java Web Services Tutorial*|http://java.sun.com/webservices/docs/2.0/tutorial/doc/] : see Chapter 1: Building Web Services with JAX-WS - A Simple JAX-WS Client.

SSL and Quicktime Player: QT crashes if it opens a web video via https

Hello,
it was running some test-videos, I think, some weeks ago very well - as I can remember. After some days quicktime client starts crashing when it opens a .mp4 file from a https: connection. Thers a message concerning the certificate from quicktime then it crashes.
It crashes also on another computer. Quicktime plays the same file via a http connection (that is not secured via ssl) very well.
Safari is playing the https(ssl)-file with quicktime very well.
If Safari runs the ssl video and finally completed do load the full video I can copy the https:-URL to Quicktime player - and it plays the video very well.
Via quicktime streaming server the .mp4 runs too - but its not secured - I think
What can I do? Thank you for any suggestion.
Best regards.

Dear Paul,
thank you for your concerns - but I don´t want to give the address to the public.
I hope for your understanding.
Best regards

Error when configuring Web Dispatcher for SSL with Enterprise Portal

We are in the process of configuring the Web Dispatcher using SSL to connect to our Enterprise Portal (the Web Dispatcher will be in the DMZ). We have followed all of the help.sap.com guides and now have SSL listening on the EP side (port 8103). We are now receiving this strange certificate error when we start the Web Dispatcher:
[Thr 5332] Tue Mar 20 00:36:23 2007
[Thr 5332]   MatchTargetName("<FULLY QUALIFIED HOSTNAME>", "CN=XXX, OU=XXX, O=XXXX, C=XX") FAILS
[Thr 5332]   SSL socket: local=<IPADDRESS>:4742 peer=<IPADDRESS>:8103
[Thr 5332] <<- ERROR: SapSSLSessionStart(sssl_hdl=009D7670)==SSSLERR_SERVER_CERT_MISMATCH
[Thr 5332] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn.c 2005]
[Thr 5332] *** ERROR => IcmConnClientRqCreate() failed (rc=-14) [icrxx.c      4919]
[Thr 5332] *** ERROR => Could not connect to SAP Message Server at <FULLY QUALIFIED HOST NAME>. URL=/msgserver/text/logon?version=1.2 [icrxx.c      2301]
[Thr 5332] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c      2302]
[Thr 5332] *** ERROR => see also OSS note 552286 [icrxx.c      2303]
We have gone through the trouble shooting note 552286 as listed in the error above. Any assistance is appreciated.

Hello, did you receive any resolution for this problem? We are receiving a similar error and I am unsure of how to resolve.

Web Service Using SSL issue

I have a web service that has been working fine using http. Just switched over to SSL using the <WLHttpsTransport> tag on the jwsc ant command. Now I get the following error at runtime: Any ideas/suggestions? Thanks in advance - Craig
16:22:27,953 INFO [STDOUT] Caused by: java.lang.NoClassDefFoundError: org/apache/tools/ant/BuildException
16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.internal.TylarJ2SBindingsBuilderImpl.<init>(TylarJ2SBindingsBuilderImpl.java:87)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.J2SBindingsBuilder$Factory.newInstance(J2SBindingsBuilder.java:30)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.ExceptionUtil.<clinit>(ExceptionUtil.java:48)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.FaultUtil.exception2Fault(FaultUtil.java:230)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.message.soap.SoapMessageContext.setFault(SoapMessageContext.java:102)

I thought I would post an update since I found a solution. The problem was a ClassCast exception in a part of the SSL stack, that wanted to use the ant BuildException class. This has the effect of hiding the real issue which was that the SSL connection was not successfully occuring. The real problem was that the SSL connection started with a WSDL retrieved via SSL, but the connection for the port was through a username/password. When a username/password is used to create a port, the WL stack falls back to http and causes a ClassCast exception on weblogic.wsee.connection.transport.http.HttpTransportInfo. The solution is to create an https transport object when the service impl is created:
HttpsTransportInfo transport = new HttpsTransportInfo ();
transport.setUsername (user.getBytes ());
transport.setPassword (pass.getBytes ());
gServiceImpl = new PersistenceManagerService_Impl (url, transport);
and to create the port without parameters:
port = getServiceImpl ().getPersistenceManagerServicePort ();
This allows one-way SSL with username/password for the connection.

SAP Web Dispatcher Configuration (SSL, certificates)

Hi all,
We're trying to configure the SAP Web Dispatcher for the use of SSL (terminated) and client authentication using x.509 certificates. All works (almost)fine. However, there's some strange behavior that I can not explain.
The following access point have been specified in the profile:
Description of the Access Points
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
icm/HTTPS/verify_client = 2
Basicly we only need users to access the web dispatcher using SSL. However, when I remove the line: icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
The Web Dispatcher returns an error upon accessing it using HTTPS:
Dispatching Error
Error: -26
Version: 6040
Component: HTTP_ROUTE
Date/Time: Tue Mar 14 07:19:38 2006
Module: http_route.c
Line: 2383
Server: sapvm1_DVS_26
Detail: no valid destination server available for '!ALL' rc=13
Any help would be highly appreciated. Thanks!
Frodo

Hi KS,
Maybe you were right afterall I found a nice How to on the servce.sap.com (https://websmp203.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000073632&_SCENARIO=01100035870000000202) and it seems you do have to add the HTTP server_port parameter in case SSL is being terminated (no re-encryption).
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
icm/server_port_1 = PROT=HTTP, PORT=0, TIMEOUT=15
However, the trick is to set the port to zero (0), that way you can still only access the Web Dispatcher via HTTPS.
All is working now.
Frodo

Coldfusion web application got hacked today

I am not sure if my coldfusion server is hacked.
I found the following items within a directory of one of my coldfusion web applications making it unavailable:
1) 1.zip
* this zip file was decompressed with 301 malicious folders related to vigra and dkeys.txt
2) make2.zip
* this zip file was decompressed with a folder named test-test and two other cfm files: application.cfm and tampl.cfm.
Is anyone else experiencing this issue? It just happened today. And I just patched the server with the latest security hotfix last Thursday.
My coldfusion server has RDS disabled, and the directory for CFIDE has been renamed, meanning CFIDE is technically not available. And CFIDE has also been moved to a different virtual web server running on a different port on IIS (not accessible from the internet) according to the instructions. I can't guess any possible way that hackers could hack into the server, unless via coldfusion web itself.
And i wonder how these two zip files got decompressed remotely.

Hello MrCFusion,
We apologize for the inconvenience caused. Please send an email to Adobe Product Security Incident Response Team ([email protected])
Regards,
Anit Kumar

How to use an iPad 2 for web search (via 3G only) while using AirPrint via Airoprt express wifi (NOT connected to the internet)

Heres the setup: I have an IOS 7 iPad 2 that I want to use 3G only for web searches/ emails while using an Airport Express generated wifi bubble (without any connected internett) to print web seraches via airprint to a wifi printer.
The problem: the ipad deafults to searching via the AE's wifi and vainly waits for the non existent interent to connect. It ignores the available 3G internet.
The workaround: a) turn off the AE's wifi, search the web via 3G b) once I have something to print, turn the wifi back on and print via airprint and the AE's wifi to the printer.
The question: Is there a way to turn off the AE's internet access. Using Airport utility, I have tried setting Bridge mode and static IPs to no avail. There is no turn-the-internet-off tick box.
In the ideal setup I would like the ipad 2 to search the web via 3G only (straight away versus waiting vainly for the AE to find it!!) and then print the results via the AE's wifi and airprint without having to toggle wifi on and off all the time.....
Thanks in advance,
Bill...

Hi,
You can consider to configure the Forefront TMG Arrays or NLB.
Planning for Forefront TMG server high availability and scalability
http://technet.microsoft.com/en-us/library/dd897010.aspx
Thanks.
Jeremy Wu
TechNet Community Support

BAD_CERTIFICATE error calling a web service over SSL in ALSB 2.6

We have a business service on an ALSB 2.6 server (running on WL 9.2.1) that connects to a web service over SSL. When we try to run it, we get the following exception:
<Sep 17, 2009 7:49:17 AM PDT> <Error> <ALSB Kernel> <BEA-380001> <Exception on TransportManagerImpl.sendMessageToService, com.bea.
wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
com.bea.wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.bea.wli.sb.transports.TransportException.newInstance(TransportException.java:146)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOu
tboundMessageContext.java:310)
at com.bea.wli.sb.transports.http.HttpsTransportProvider.sendMessageAsync(HttpsTransportProvider.java:435)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
Truncated. see log file for complete stacktrace
This exception only occurs when hitting the web service through the bus. I have written a standalone Java application that posts to the web service and it works fine. I ran the application on the server where the ALSB is running using the same jdk (1.5.0_06 - the version that ships with 9.2.1) and the same cacerts file so I know it's not a problem with the certificate not being trusted. I have tried updating the cacerts file to the latest one distributed with JRE 1.6 and it still doesn't work.
After 8 hours of troubleshooting, I'm out of ideas. Does anyone have any suggestiosn?
Thanks.
Matt
Edited by: user6946981 on Sep 17, 2009 7:58 AM

Are you sure that your standalone application is using the same keystore (eg. cacert)? Default WebLogic configuration uses different keystore (demo).
I saw BAD_CERTIFICATE error only once and the cause was in keytool that somehow corrupted certificate during import. Deleting and importing certificate again helped me, but I doubt you have the same problem as your standalone application works.
Another idea ... Is hostname varification used? I know that the error message would look different if this was the cause, but try to add this parameter to your weblogic startup script: -Dweblogic.security.SSL.ignoreHostnameVerification=true
Last but not least, there is difference between your standalone application and ALSB runtime as WebLogic uses Certicom SSL provider. If you don't find the reason, contact Oracle support. Maybe they can help you to tweak Certicom provider in some way.

Pdf error in printing in WEB UI via transaction launcher

Hi Experts,
We have created a custom report program in CRM 2007. We are launching it from WEB UI via transaction launcher. When we try to print the report output, it displays the standard print dialog box. The moment we select output device = LOCL for local printer and click on Continue button,it launches two new windows:-
a) One window is for WEB UI with message-The formatted data will be displayed in this window; wait and do not close the window
b) Second window is ADOBE PDF window with information message-Adobe Reader could not open 'frontend_print[1].pdf' because it is either not a supported file type or because the file has been damaged.
In the end, user is not able to print the report. Now my doubts are:-
What is the link between print button and pdf? Why is it going to ADOBE? Something to do with WEB UI? If we launch SAP GUI, go to SE38 and execute the report program, we are able to print the output successfully.
Please give me some pointers to proceed forward.
Thanks
Rohit

HI Rohit,
My blog can answer your questions.
http://wiki.sdn.sap.com/wiki/display/CRM/AdobeFormsin+WebUI
Cheers, Satish

Coldfusion 11 - Web Sockets via SSL

Similar Messages

Maybe you are looking for