Communication through SSL ...

Similar Messages

• How to enable SCCM 2012 clients to get Windows Updates through SSL VPN

  I would like my SCCM 2012 client laptops to get Windows Updates through SSL VPN.
  I suppose I need to add VPN Subnet in my boundary and boundary group.
  What other setting I need to enable?
  At this moment, on the 'Software Update Point Component Properties' "Allow intranet-only client connections" radio button is active. Do I neeed to select "Allow both intranet and internet client connections" and Enable SSL communications
  for the WSUS server?
  or are there something else I need to check?

  No, a VPN client is no different than a client connected internally as far as the network is concerned and as far as ConfigMgr is concerned there is no way to explicitly know any different. Internet clients literally are those that connect via the Internet
  using IBCM.
  Jason | http://blog.configmgrftw.com

• Directory replication among DC through SSL ports

  We have a customer who has a requirement to secure AD replication among DC's through SSL ports. We have tried to convince them that replication that is happening follows kerberos authentication and data is in encrypted format, but still they are asking whether
  replication can happen through SSL port or not. 
  Their requirement involves customization of AD which I am not sure if possible. 
  Also if this is not possible they are asking for a technet article in relevance to that.
  Seeking for support!
  Regards,
  Ankur

  Hiya,
  The answer is no.
  The replication traffic itself is already secure, as it is performed using Kerberos, which is an encrypted protocol. Furthermore internal traffic between geographically dispersed sites should be done using VPN, MPLS or similar inclosed network protocol,
  which is also encrypted. DC replication traffic should be considered internal traffic and should only be performed on internal networks.(traffic on a VPN/MPLS is considered internal in that sense)
  So by default, when installing your DC's, the replication traffic between these DC's is already secure.
  DNS has no need for secure communications, it's a name to IP repository. If you don't want people to use your DNS, don't allow them to use it.
  LDAP can be changed to use LDAPS instead, however it requires client compatibility.
  Kerberos is by default a secure protocol. - And this is the protocol used for replication.

• Calling a web service through SSL via a stand alone java class

  HI,
  I am trying to call a web service through SSL via a simple stand alone java client.
  I have imported the SSL certificate in my keystore by using the keytool -import command.
  Basically I want to add a user to a group on the server. Say I add a user user 1 to group group 1 using an admin userid and password. All these values are set in an xml file which I send to the server while calling the server. I pass the web service URL, the soap action name and the xml to post as the command line arguments to the java client.
  My xml file(Add.xml) that is posted looks like :
  <?xml version="1.0" encoding="UTF-8"?>
  <SOAP-ENV:Envelope
  xmlns:xsi = "http://www.w3.org/1999/XMLSchema-instance"
  xmlns:SOAP-ENC = "http://schemas.xmlsoap.org/soap/encoding/"
  xmlns:SOAP-ENV = "http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd = "http://www.w3.org/1999/XMLSchema"
  SOAP-ENV:encodingStyle = "http://schemas.xmlsoap.org/soap/encoding/">
  <SOAP-ENV:Body>
  <namesp1:modifyGroupOperation xmlns:namesp1 = "/services/modifyGroup/modifyGroupOp">
  <auth>
  <user>adminUser</user>
  <password>adminPassword</password>
  </auth>
  <operationType>ADD</operationType>
  <groupName>group1</groupName>
  <users>
  <userName>user1</userName>
  </users>
  </namesp1:modifyGroupOperation>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  I call the client as:
  java PostXML https://com.webservice.com/services/modifyGroup "/services/modifyGroup/modifyGroupOp" Add.xml
  I my client, I have set the following:
  System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
  System.setProperty("javax.net.ssl.keyStorePassword", "password");
  System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
  System.setProperty("javax.net.ssl.trustStorePassword", "password");
  But when I try to execute the java client, I get the following error:
  setting up default SSLSocketFactory
  use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
  class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
  keyStore is : C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
  keyStore type is : jks
  keyStore provider is :
  init keystore
  init keymanager of type SunX509
  trustStore is: C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
  trustStore type is : jks
  trustStore provider is :
  init truststore
  adding as trusted cert:
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
  main, setSoTimeout(0) called
  main, setSoTimeout(0) called
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: .....
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 73
  main, WRITE: TLSv1 Handshake, length = 73
  [write] MD5 and SHA1 hashes: len = 98
  main, WRITE: SSLv2 client hello message, length = 98
  [Raw write]: length = 100
  [Raw read]: length = 5
  [Raw read]: length = 58
  main, READ: TLSv1 Handshake, length = 58
  *** ServerHello, TLSv1
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 58
  [Raw read]: length = 5
  [Raw read]: length = 5530
  main, READ: TLSv1 Handshake, length = 5530
  *** Certificate chain
  chain [0] = ...
  chain [1] = ...
  chain [2] = ...
  chain [3] = ...
  main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
  main, WRITE: TLSv1 Alert, length = 2
  [Raw write]: length = 7
  0000: 15 03 01 00 02 02 2E .......
  main, called closeSocket()
  main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  main, called close()
  main, called closeInternal(true)
  main, called close()
  main, called closeInternal(true)
  main, called close()
  main, called closeInternal(true)
  Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.c
  ertpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
  at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
  at java.io.BufferedOutputStream.flush(Unknown Source)
  at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
  at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2110)
  at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1088)
  at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
  at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
  at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
  at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
  at PostXML.main(PostXML.java:111)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find v
  alid certification path to requested target
  at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
  at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
  at sun.security.validator.Validator.validate(Unknown Source)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
  at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
  ... 18 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
  at java.security.cert.CertPathBuilder.build(Unknown Source)
  ... 23 more
  I do not know where I have gone wrong. Could someone point out my mistake.
  Thanks In advance!

  Hi jazz123,
  There's an example in the [*Java Web Services Tutorial*|http://java.sun.com/webservices/docs/2.0/tutorial/doc/] : see Chapter 1: Building Web Services with JAX-WS - A Simple JAX-WS Client.

• How do I restrict access to JSP or servlet only through SSL Port

  Hi
  I want to restrict the access to few jsp and servlet only through SSL port,
  so how can I block the acces to those jsp and servlet through normal port??? We
  are using weblogic 5.1.
  Any help on this highly appreciated.
  Aruna

  Hi,
  To restrict access(56 bits or less). follow the below steps.
  1. Go to your Webserver instance ServerManager
  2. Click Preferences Tab ------> Encryption Preference
  ------> There disable "DES with 56 bit
  encryption and MD5 message authentication."
  for SSL 2.0 ciphers or SSL3.0 Ciphers. Which ever
  needed.
  3. Save and Restart the Webserver instance.
  The above steps are for 4.x version.
  Thanks,
  Daks.

• OIM AD password Sync connector. Connection to AD through SSL

  Hi.
  I am trying to configure AD password sync connector 9.1.1.5 with patch 14627510 to connecto to AD through SSL.
  At this moment, connector is able to connect to OIM through SSL but not to the AD. If i set AD port number to 389 on the connector configuration, everything works fine.
  If i set it to 636, it is not able to connect to the AD.
  I've imported the AD SSL certificate to <connector install directory>\OIMADPasswordSync\_jvm\lib\security\cacerts and restarted the domain controller but still no luck.
  To test that the certificate and everything else is OK, i've also installed a jxplorer and imported the same certificate into <jexplorer install directory>\jxplorer321\security\cacerts. Jxplorer is able to connect to the AD through SSL on port 636 so user credentials, certificate, etc.. are ok
  Connector documentation doesn't mention anything regarding SSL connection to AD, it only describes SSL connection to OIM.
  Anyone has donde this before? Is there any additional step i should follow to enable SSL connection from AD password sync connector to AD? Does the connector support SSL connection to AD?
  Regards.

  have you tried importing the cert in cacerts under $JAVA_HOME?

• UDP communication through proxy

  Hello,
  I've been struggling for hours now trying to work out how to use UDP communication through a proxy. It took me quite a bit of work to get it working for HTTP, but it's working fine now.
  I'm trying to use the DatagramSocket class and there's no option to use a proxy anywhere. I tried setting the proxy globally by doing:
  properties.put("proxyHost", "proxyAddress");
  properties.put("proxyPort", "proxyPOrt");
  properties.put("proxySet", "true");
  but it doesn't work. I get errors on name resolution when I try to connect.
  I'm looking for a global (programmatical) way to set up the proxy, so that I can use the InetAddress too to get IP addresses and such.
  Cheers.

  properties.put("proxyHost", "proxyAddress");
  properties.put("proxyPort", "proxyPort");Those two properties are just equivalents for http.proxyHost/proxyPort. They come from the defunct HotJavaBean (1997-8) and somehow leaked into the JDK, maybe because books of the era mistakenly documented them as part of the JDK, or maybe because part of the HJB implementation leaked into Java.
  properties.put("proxySet", "true");That property has never done anything in the JDK. It did something in the HJB which is no longer with us ...
  There is no support for UDP proxying in Java.
  but it doesn't work. I get errors on name resolution
  when I try to connect.That's a DNS topology issue, nothing to do with proxying really.

• Access webservices through SSL

  HI!
  I want to access webservices through SSL. I could config the SOA suite to connect to (for example) Enterprise Manager Console through SSL (https://localhost:4443/em), but when I want to try to access a webservice through SSL (https://bonus4:4443/CreditService/ValidateCreditCardServiceSoapHttp?wsdl), I get the next error:
  404 Not Found
  Resource /j2ee/CreditService/ValidateCreditCardServiceSoapHttp not found on this server
  What can I config on SOA Suite(10.1.3.1.0) to use the webservices through SSL?
  Thanks You very much, it would be a big help for me!
  Viktor

  Hello,
  I would invite you to read this blog entry on the subject, it is using stand alone OC4J but the idea is the same using OracleHTTP Server:
  - Using HTTPS with Web Services
  Could you clarify if you are using OHS or OC4J HTTP server?
  Regards
  Tugdual Grall

• Communicating through the iPhone photos app

  I upgraded my iPhone and gave my wife the old one. How do I change my name to hers on the photos app? She has her own account and so forth. It is only the photos app that still thinks it is my phone.

  Hi, AyaniB_VZW
  The app on her iPhone is called Photos, not iPhoto. (It is one of the apps
  that comes with the iPhone, and it cannot be deleted and reinstalled.) I
  reset the phone to factory settings before activating it for her. In fact,
  I did it again yesterday, just to make sure.
  Jursi
  2013/10/16 Verizon Wireless Customer Support <[email protected]>
      image: Verizon Wireless Community<http://community.verizonwireless.com>  <http://www.verizonwireless.com/b2c/index.html>
  <http://www.verizonwireless.com/b2c/explore> <http://www.verizonwireless.com/b2c/store/controller?item=phoneFirst&action=viewShopIndex> <https://wbillpay.verizonwireless.com/vzw/nos/topline.jsp> <http://support.verizonwireless.com/clc/>    Re:
  communicating through the iPhone photos app  created by Verizon Wireless
  Customer Support<https://community.verizonwireless.com/people/vzw_customer_support>in
  Apple - View the full discussion<https://community.verizonwireless.com/message/1008320#1008320>

• How are we every supposed to develop a community through Ping?!

  I could give a crap if this is a sound statement or not, I run a few mixes that I update frequently through Ping and the server is so slow and does not update effectively when creating or managing playlists! How the **** are we ever supposed to develop a sense of community through Ping when its this awful!!? Comon Apple, you can do better than this!!

  http://www.apple.com/feedback/itunesapp.html

• Communication through contextual events in ADF 11g?

  hi everyone ,
  I have a requirement that i have to establish a communication between two taskflows and communication between page and the two taskflows at a time through contextual events
  I'm able to establish a communication between two taskflow regions but when it comes to establish a communication between a page and two taskflows at a time the two taskflows are rendering but the region in page s not
  (when i click deptno in taskflow region ,the employee table is displayed according to the deptno in another taskflow and the region contains output text is not at all rendering according to the deptno)
  plz do this needful
  thanx in advance

  Hi,
  contextual events are between active PageDef files. This means that if a task flows is not displayed on a view, then it is not included in contextual event communication.
  Frank

• Labview was blocked when building communication through TCP/IP

  I am trying to transfer data between a Labview system with Win2k and a RT system on PXI controller through TCP/IP. A problem is that when the Labview program started to build the communication to RT, the other Labview programs are all blocked. Howerver, the other application programs except Labview are running properly.  

  Thank you Mike.
  I am trying to transfer data through TCP/IP and Ethernet. The source is a Labview RT program in a PXI controller, and the receiver is a Labview 6.1 program in a workstation with Win2k, and here we focus on the program in the workstation. Besides the communication program, some other Labview programs are also running in the workstation in the mean time.
  The problem occurred at the beginning of the TCP connection: during the following several seconds after the communication program started, I cannot access any of the Labview programs (no response when click on any Labview program). Meanwhile, I found that the CPU usage and memory usage were in normal level and I can access any other windows application program properly. So it seems that the communication program held up all the LabVIEW programs when it started to build connection. Do you have any idea?
  Pierce

• Flexiable Communication through TCP/IP or RS-485 using VISA

  I am trying to create a flexiable distributed application that can communicate over RS-485 or TCP/IP visa.  The application has a basic Host / Client(Listener) type of Architecture.  What I would like to be able to do is simply to change my Visa resource name from [Com4] to [TCP::192.168.1.10::3000::socket] and seemlessly change communication protocals.  The problem I am running into is creating a flexiable visa listener.  I tried using the visa events vi's, but I don't know what the syntax of the visa string should be.  Any thoughts or clarifing questions would be apprecaited.

  Hi,
  I am using Compact FieldPoint 2120 with analog I/O to control a robot arm and i am trying to interface a third party device such as a mobile phone (using Java) to program and control the rotation of each joint of the robot arm. I understand this process can be done through TCP/IP or usign DSC software.
  For example:
  Hosting on TCP port (?) and use the syntax
  [newline]::[joint number]::[degree of freedom]::[set to angle in degrees]::
  [arm number] = an ascii value 1 or 2 to determine which arm.
  [joint number] = an ascii number value.
  [degree of freedom] = ascii value x,y or z.
  [set to angle in degrees] = ascii value between 0 and 360.
  The true is that i have no clue how to set up the interface steps and i will appreciate if someone can suggest an easy way of doing the above steps and which software to use. I am currently using LabVIEW 8.20 for building the control model for the robot arm.
  Many thanks
  Bakari

• Connecting to Tibco JMS through SSL

  Hi,
  How to we connect to a Tibco JMS Provider using SSL through OAS 10.1.3. Is there a way to configure OAS to use SSL when connecting to Tibco JMS Provider.
  Thanks

  Did you figure out a solution for this? I have the same need and I'm investigating using JAAS configuration to accomplish.

• Communication through RS232c serial interface using labview

  i am trying to communicate with a device through RS232c serial interface using labview 6.1....i have tried to run the example "Serial communication.vi" provided in 6.1 and it doesnt work....do i need any special hardware or do i need to configure my hardware to communicate through RS232c...
  thanks in advance
  shri

  Seems like I placed a small (maybe 30ms) delay at the end of the serialcommunications.vi structure.. for some reason my PC didn't like running as fast as it tried to go. Also look into the actual serial communication.vi and open the vi's inside it - check that the port setting (0 or 1) are ok, the baud rate (probably 9600) are ok. I'm running with only three wires in my application, TX, RX and Common. The PC may need to be rebooted to enable the com port - or use device manager and see if it says the com ports 0 and 1 are both OK..
  Try buildinga loopback plug with TX to RX, RX to TX, and Common to Common and see if hyperterminal (or other serial communications program works - there is also Loopback.VI in the NI library somewhere that can be used. Good Luck!! Dave