Configure SSL enabled communication issue

Hi Experts,
I'm having this weird issue.. Installed SharePoint like for the 10th time in my life or so. But this time when I was doing this "Configure SSL enabled communication" steps the PowerShell window just hangs forever.
PS C:\FASTSearch\installer\scripts> .\SecureFASTSearchConnector.ps1 -certPath "C:\FASTSearch\data\data_security\cert\FASTSearchCert.pfx" -ssaName "FAST Content" -username "domain\user"
Enter the certificate password: **********
Installed certificate.
Updated acls on certificates private keys.
Nothing happens after that. It usually will say the below but it freezes for me.
Updated acls on certificates private keys.
Your FAST Search Connector has been setup to use certificate, restarting osearch14.
Connection to contentdistributor host:port successfully validated.
Until I restart the osearch14 manually from services. But after that the contentsource page is never opening up for me.
Am I missing something obvious? Or am I facing some permission related issues? nctrl status shows everything is running. Any pointers will help.
Thank you.
Freddie Maize ..A story with Glory is History. Doesn’t matter whether Glory rest in the world of Demon or God. Lets create History..

Thank you for your response.
Yes, I have set the particular property SSLAlwaysNegoClientCert to True and it is able to establish the SSL connection without initiating renegotiation from the IIS server side. The property has to be set in the metabase.xml file.
Thank you very much once again.
Edited by: arpitak on Jun 23, 2010 2:10 AM

Similar Messages

  • Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled

    Hi
    We are performing LDAPSync for OIM AD real time sync. We have done all configuration as per the Oracle documentation on LDAPSync for OIM 11gR2: http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version, OIM 11gR2 PS1 (11.1.2.1.0).
    We have performed LDAPSync enablement post-installation of OIM. So we don't have OVD; we have configured libOVD as mentioned in this doc.
    We have performed the following steps mentioned in this document in our OIM environment.
    3.1 Enabling Post installation LDAP Synchronization
    3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
    As attributes like password might not be getting updated in AD from OIM, we have configured SSL enabled integration in LDAP sync as mentioned in the above document.
    We implemented this step, 3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
    but it is not properly mentioned there how to import the public key certificate of AD into the OIM environment for SSL.
    We are getting the following error message in the logs. Looking at the logs, it looks like the import of the AD SSL certificate did not happen properly in the OIM environment. But we have imported it using keytool and the OVD keystore... please let us know if we are missing any configuration in this process. The above Oracle document is not very clear on this.
    <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
    <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
    <Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2]  Unable to create connection to ldap://[10.88.164.231]:636 as null.
    javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
    at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
    at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
    at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
    at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
    at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
    ...more
    Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
    at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
    ...more
    Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
    at sun.security.validator.Validator.getInstance(Validator.java:161)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
    at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    Let us know for any helpful pointers on this
    Thanks in advance,
    RPB25

    Use the steps given below to import the public key certificate of AD into the OIM environment for SSL:
      1. Obtain the AD certificates from the AD Administrator.
      2. Copy the AD certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
      3. Run the following command to import all the certificates:
         /jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystore cacerts -storepass changeit
      4. The CA certificates are now present in the trust store.
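
Added example (not part of the original thread or of Oracle's documentation): the `trustAnchors parameter must be non-empty` error in the log above is raised when the trust store the JVM actually loads contains no trusted-certificate entries, so after the import it is worth checking what the store really holds. The script classifies the text of `keytool -list`; the sample listings, alias names and result labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Java trust store from the text of `keytool -list`.
# Real use (store path, password and alias are placeholders):
#   keytool -list -keystore <truststore> -storepass <password> | check_truststore <alias>
#
# Result labels (hypothetical names chosen for this example):
#   EMPTY       no trustedCertEntry at all; PKIX validation then fails with
#               "the trustAnchors parameter must be non-empty"
#   MISSING     the store has trust anchors, but not under the given alias
#   WRONG_TYPE  the alias exists but is not a trustedCertEntry
#   OK          the alias is present as a trustedCertEntry

check_truststore() {
    # JKS aliases are case-insensitive, so compare in lower case.
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v want="$want" '
        # Entry lines look like: "<alias>, <date>, <entry type>,"
        /(trustedCertEntry|PrivateKeyEntry|SecretKeyEntry), *$/ {
            line = $0
            sub(/, *$/, "", line)            # drop the trailing comma
            n = split(line, f, /, */)        # alias first, entry type last
            if (f[n] == "trustedCertEntry") anchors++
            if (tolower(f[1]) == want) found = f[n]
        }
        END {
            if (anchors == 0)                      print "EMPTY"
            else if (found == "")                  print "MISSING"
            else if (found != "trustedCertEntry")  print "WRONG_TYPE"
            else                                   print "OK"
        }'
}

# --- Constructed sample listings (not taken from the thread) ---

# A store that exists but holds nothing.
sample_empty() { cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 0 entries

EOF
}

# A store holding only a key pair: still no trust anchors.
sample_key_only() { cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

ad-dc, Dec 6, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
EOF
}

# A store with one CA certificate and one key pair.
sample_mixed() { cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

corp-root-ca, Dec 6, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
ad-dc, Dec 6, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
EOF
}

# Demo on the constructed listings.
for alias in corp-root-ca ad-dc ad-root-ca; do
    printf '%-14s %s\n' "$alias" "$(sample_mixed | check_truststore "$alias")"
done
```

An `EMPTY` result on the store named in the adapter or JVM configuration, while the import into `cacerts` succeeded, means the certificate went into a different file from the one being loaded.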

  • Urgent JMS issue with SSL-enabled cluster

    Hello, dear All!
    We have deployed a SAP WebAS SP13 SSL-enabled cluster (2 servers) and face the following strange behaviour:
    When both servers are running our queue-based message driven beans (MDB EJBs) never get any messages.
    However, JMS topic subscriber threads (not implemented as MDBs) work fine on both servers and receive JMS broadcasts. As well web-initiated JMS queue browsing works fine.
    Then if only one (central) server is up, queue-based MDBs work fine and start receiving messages...
    If you know or guess what might be an issue it would be greatly appreciated!
    Thank you and best regards,
    -Yuri

    Hi!
    Yes, I solved this problem. You have to set your certificate to the LDAP server and get SSL enabled. You should also add same certificate to your jdk's cacerts file. That should help. :)
    Janne

  • How to enable UWC with SSL on Communication Suite 5?

    Sorry for asking this FAQ level question at first.
    I have watched this for almost one year but still have problem for enabling UWC + SSL + Self signed certificate.
    Would have user to login into https://abc.com/uwc then use the messenger and calendar servers from one single uwc interface, all the connections are secured.
    Is there any step-by-step procedure for reference? I appreciate for your help.
    The application software is JCS 5.
    Best regards,
    Robert
    Edited by: Robert_Chang on Apr 8, 2008 10:24 AM

    Robert_Chang wrote:
    Sorry for asking this FAQ level question at first.
    I have watched this for almost one year but still have problem for enabling UWC + SSL + Self signed certificate.
    Let me just point out that using self-signed certificates is not a good idea in a production environment. They can cause a number of headaches (e.g. trust relationships between products) and don't offer the same level of security/verification as a proper CA signed cert.
    Would have user to login into https://abc.com/uwc then use the messenger and calendar servers from one single uwc interface, all the connections are secured.
    Is there any step-by-step procedure for reference? I appreciate for your help.
    There isn't one -- I have been meaning to write one but it's an extremely time consuming process and I haven't gotten around to it.
    Where it gets complex is if you have messaging/calendar on different hosts (hence different certificate names), including LDAP SSL as well (UWC->LDAP, Messaging->LDAP, Calendar->LDAP), Outlook Connector using SSL, Access Manager using SSL, configuring SSL during initial installation vs. post-installation, renewing SSL certificates, problems when SSL certificates expire and so on...
    I may end up writing a guide for the next release (if time permits).
    Regards,
    Shane.

  • Steps to configure Weblogic 10.3 with SSL enabled Sybase 12.5

    In WLS 10.3, there is a new feature for supporting the SSL encryption on Sybase 12.5.4.
    I want to connect from Weblogic 10.3 to the SSL enabled Sybase 12.5.4.
    Can any one please provide the step by step instructions for how to configure on the Weblogic 10.3? Do I need to create any custom class for this?
    Thanks

    Here is an example of connecting using the Sybase driver.
    import java.sql.Connection;
    import java.sql.DriverManager;
    import com.sybase.jdbcx.SybDriver;

    // Load and register the jConnect driver, then open the connection
    SybDriver sybDriver = (SybDriver)
        Class.forName("com.sybase.jdbc3.jdbc.SybDriver").newInstance();
    sybDriver.setVersion(com.sybase.jdbcx.SybDriver.VERSION_6);
    DriverManager.registerDriver(sybDriver);
    Connection conn = DriverManager.getConnection
        ("jdbc:sybase:Tds:<host>:5000?ServiceName=<dbname>", "<user>", "<passwd>");
    Not sure that the setVersion() call is absolutely necessary.

  • SSL SSO Communications Suite 2005Q4 setup

    I posted this a few days ago on Google Groups and have not gotten any responses. Can anyone tell me if it's possible to do SSL SSO on Communications Suite? I just want my users to access Communications Express [uwc] with mail and calendar using SSL.
    I have Messaging Server 6.2-3.04 (built July 15 2005)
    Thanks in advance.
    -James
    SSL SUN Communications Suite 2005Q4
    From:          jamturtle
    Date:          Mon, Apr 3 2006 3:48 pm
    Email:           "jamturtle" <[email protected]>
    Groups:           comp.sys.sun.apps, comp.sys.sun.admin, comp.unix.solaris, comp.unix.admin
    Does anybody know how to setup step-by-step SSL and SSO on SUN's
    Communications Suite? I am using [or rather testing] The following
    products: Calendar Server 6, Messaging Server 6, Communications Express
    6, Web Server 6.1 and Access Manager 7. All on just one machine.
    I have managed to get Single Sign-On working fine with Comm Express but
    I can not seem to manage to get it working with SSL. I mainly want to
    run https via Comm Express to access messenger and calendar. This works
    great on http.
    I have also read [and read] SUN's documentation about setting up SSO
    with SSL but that is a bit confusing [to say the least]. I found in the
    Comm Express Admin Guide:
    Messaging SSO is not supported in SSL.
    Work around
    To support Messaging SSO with SSL perform the following steps:
    How to enable Messaging SSO with SSL
    1. Configure Web Server in SSL mode.
    2. Configure Communications Express for SSL port of Web Server.
    3. Set uwcauth.ssl.enabled=true.
    4. Set uwcauth.https.port to SSL port of Web Server.
    5. Enable Messaging Server in SSL mode.
    6. Set the webmail.port in uwcconfig.properties to SSL port of
    Messaging Server.
    7. Provide messagingsso.ims.url to Non SSL port of Messaging Server
    8. Install the Certificate Management Server root Certificate Authority
    (CMS root CA) on both Web Server and Messaging Server.
    9. Restart Web Server.
    10. Provide a value to local.webmail.sso.ims.verifyurl pointing to Non
    SSL port of Messaging Server.
    11. Restart Messaging Server.
    The problem here is what is meant by "CMS root CA" ?? of course when
    searched on Google I get the Communications Express Admin Guide lol :^)
    Anyways I got a Thawte Cert for the web server, this seems to work fine
    and the "uwc" login page works fine too. Now what do I do to get
    messenger to work? Get another Cert?? It says "install CMS root CA on
    both Web Server and Messenger" how??? maybe I need to create self
    signed certificates??
    I need to have calendar working too, there is a SSL setup for calendar
    but will it run with SSO uwc??
    I also run into the problem in the Admin Guides of using "iplanet
    console" to manage certs and some other features, what is this? of
    course I can't find it or SUN has changed its name [but still suggests
    to use it].
    Well I am a bit frustrated, maybe something I am missing or not read
    correctly [my apologies]. I do not think this to be uncommon to want an
    integrated mail and calendar application running SSO and SSL. So if
    anybody knows an easy step-by-step setup or a link to such a thing
    please let me know. I am not new to Unix nor Solaris but definitely
    know little about Communications Suite [or maybe SUN has changed that
    name too :^(
    Thanks in Advance
    -James

    Thanks Jay but I think we are now digressing. I am
    sorry if it sounds like I am complaining, I just want
    to figure out to how to make this work. Someone must
    know how to set this up step-by-step. I think I
    understand the difference between SSO and SSL and
    that they are not interchangeable, I want both to
    work.
    If I was to use only ME then I don't need SSO, I
    would just use it with SSL, which I still have not
    figured out how to do, because I do not know where to
    find iPlanet Console???
    iPlanet Console may be found in your Directory Server install. command, "startconsole"
    You do not need to use Console for anything.
    You can use "certutil" to manipulate certificates, should you prefer to do that.
    You can use "configutil" to change config settings.
    do you know where it should
    be, is there a default path? Does it install with ME?
    It's really the Directory Server console. You have it.
    Can I download it?
    I also understand that the benefit of SSO is not to
    have to sign on several times and that in my case we
    are talking about 3 different pieces of software, CE,
    ME and Calendar [plus Access Manager].
    I am running my system with SSO on CE, ME and
    Calendar and it works great. I wish to offer this
    setup so my users can access both mail and calendar
    via one web interface, just like hotmail, yahoo etc.
    I also want remote users to access the same web
    interface via SSL [their passwds will have some
    level of security].
    As usual, you need to take these one step at a time. First, get your SSL working. Then get CE working. Then follow the documentation to get SSO working. It does work. Many others have been successful getting it all to work.
    The reason I asked about possibly another SUN product
    is because I have setup other products like IMP and
    Zimbra via SSL and they work in this fashion.
    I am fairly sure this is possible with these SUN
    products but I am still trying to figure out how to
    do it.
    This is why I am asking if anybody has any experience
    setting up this combination of products in this
    fashion, please let me know or guide me in the right
    direction.
    Thanks in advance
    -James

  • What should be done in certmap.conf for 2-way SSL support from a standalone Java application to an SSL enabled LDAP Server

    To support certificate based client authentication using 2-way SSL from a standalone Java application which uses JNDI and JSSE1.0.2 to connect to an SSL enabled LDAP Server, how do we configure the certmap.conf? Is there any additional setup required at the LDAP Server side apart from enabling SSL with the option "Required Client Authentication" enabled? The 2-way SSL handshake goes through, but the access log file (after configuring the certmap.conf for the issuer DN of the client certificate etc.) shows SSL failed to LDAP DN. But in spite of this access log error the Java client does get an SSL Connection object with which it is able to connect to the LDAP. Is the certmap.conf file being looked up by the LDAP Server at all?

    Have you called out.flush() and out.close() before you call connection.getInputStream()?

  • Problems in accessing an SSL enabled site through Weblogic 6.1

    Hi,
    We want to connect to an SSL enabled site (https://test.SalesForce.com) through Weblogic 6.1. We are using JDK1.3.1_08 and Apache axis.
    We have followed the appropriate steps explained in the URL -
    http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html
    As mentioned in the above link, we made the configurations in JDK 1.3.1_08 to put the jsse.jar and other important JARs in jre\lib\ext folder and also updated the java security file to add the proper "Provider".
    After that we tried to execute the test application to connect to an SSL site specified in it. It is a stand alone Java application and connects to the site and reads the bytes of the home page and displays them on the console.
    When we tried to connect the SalesForce test site, we figured out that we were able to connect to the site and were able to read entire stream of bytes.
    Then we copied the same code in a sample JSP, set the JDK1.3.1_06 as the JAVA_HOME for Weblogic6.1 and tried to connect to our test site through that JSP.
    We observed that it is connecting to the site but reading just a few initial bytes and not the entire stream.
    When we tried the same steps with Weblogic8.1 and JDK1.4.2_X, it works fine and reads the entire page with Weblogic8.1 as client.
    So, we observed that the standalone application works fine with JDK1.3.1_08, it also works fine on the Weblogic 8.1 and JDK1.4.2_x combination, but when we use Weblogic6.1 and JDK1.3.1_08, it does not work properly.
    Is there any setup issue in Weblogic 6.1 regarding connecting to a SSL enabled site?
    Our actual problem scenario is a bit different than this, but we are sure that it is related to this situation and a solution to this problem can resolve the actual problem.
    Another question we have is: do we need to configure SSL in Weblogic 6.1 and also care for installing certificates even if Weblogic 6.1 in this case is a mere client?
    We have tried to connect to the same site using Weblogic 8.1 and JDK1.4.2_X. We did not require any kind of certificates in that case. Hence I want to clear my doubt.
    Please help.

    Hello,
    Just wondering if you ever found a solution to this problem. We are suffering just about the exact same issue, where our environment with WebLogic 6.1 SP4 cannot access an SSL enabled site, but our WebLogic 8.1 SP2 upgrade environment can. The only difference we've been able to pinpoint is that our 6.1 server connects via TLS1.0 (SSL3.1) and our 8.1 server connects via SSLv3 (SSL3.0). Does anyone know how to control which version of SSL WebLogic 6.1 uses?

  • SSL Enabling Shared Services and Active Directory

    The SSL config guide suggests that a valid certificate (CA) must be issued for User directories (MSAD/LDAP), Web and application servers. Is it essential to obtain a CA for MSAD as well? Can we do without MSAD cert? We have the certs for our Web and App layers ready. We are not sure if the IT department has SSL configured MSAD. If MSAD/LDAP is not SSL configured - can we still go about SSL-Enabling Hyperion? Thanks.
    -- Srini

    If your MSAD is set for SSL, you can import their certificates through your Java Application Server. Since you are unsure, I would set up MSAD and if you are able to browse for users on the AD domain in Shared Services, you are good to go.
    I must say that SSL is a big pain from my point of view. Unless you are required to encrypt because of the data you have stored, I would pass it up. The certificates often expire on a yearly basis and there are many different certificates to keep track of. Multiply that by Development, Prod, BCP or Recovery server, and you're looking at lots of maintenance.
    The big pain comes when the signer certificate for your server expires because after the next reboot or restart of your JVMs, Shared Services starts up but none of the other applications can talk to it which means your whole application is down until you get that certificate fixed. My organization is fairly strict on their controls, so that means that I either make a federal case out of my system being down or I get to wait three days for a change request. Big pain in the rear.

  • WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

    Hi,
    I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http. 
    When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl. 
    What change should I make so that WSDL url will have https instead of http ? 
    This is service side configuration.
    <system.serviceModel>
        <services>
          <service name="Service.IService">
            <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
          </service>
        </services>
        <bindings>
          <basicHttpBinding />
        </bindings>
        <client />
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
    Thanks in advance !!

    Hi,
    For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceTypeBehaviors">
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    For more information, you could refer to:
    http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
    http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
    Regards

  • SSL enabled directory proxies and F5?

    I have two Directory Proxy 5.2 servers (SSL enabled), load balanced using F5. The problem is that when I use an LDAP browser to connect to the proxy via F5, I am not able to establish a connection. But if I connect directly to the DPS, I get a cert acknowledgement, and on accepting it I am able to query the directory server. Do I need to have certs installed on the F5s too? Or how is this handled in the real world? Even if I install a cert on the F5, wouldn't the client get 2 certs to accept? Any thoughts would be of great help.
    Thanks.

  • About the communication issues in the client-server program

    Hi, I have some questions about the communication issues in a Java project, which is basically the client and server architecture. In brief, the client, written in Java, can be deployed anywhere, and in the following part, assume it is in the LAN (Local Area Network) which is connected to the internet through the firewall and/or proxy, and the server, written in Java too, simply provides the listening service on a port in a remote machine. And assume the server is connected to the internet directly so that the scenario can be simple to focus on the core questions.
    My questions are as follows:
    1 About the relationship between the communication port and protocol
    Generally, protocols at the application level like HTTP, FTP have their own default port, e.g., HTTP is corresponding to 80, FTP is to 25. But it is NOT necessary for the web server to provide the HTTP listening service at port 80, right? E.g., Tomcat provides the HTTP listening service at 8080. So it means the default relationship between the application protocol and their port is some routine, which is not necessary to follow, right?
    2 Assume a LAN connected to the internet through a proxy, which only allows HTTP protocol, then questions are:
    2.1 Does the proxy recognize the HTTP request from the client by the port number (carried in the request string)? For example, when the server provides the HTTP listening service at 80, then the request from the client will include the port number 80, then the proxy will parse such info and decide if or not the request can be out.
    2.2 Does the proxy recognize the HTTP request from the client by protocol (carried in the request string)? For example, the protocol used in the communication should be included in the request, then the proxy can parse it to make the decision.
    3 In a Java program, if using the HTTP protocol, then on the client: the corresponding API is java.net.URLConnection, right?
    If using the TCP protocol directly, then on the client: the corresponding API is java.net.Socket, right? In both cases, the server side uses the same API, java.net.ServerSocket?
    Is it correct to say that the communication by Socket is faster than URLConnection?
    4 Take MSN messenger for example, which protocol does it use? Since proxy configure is only the possible option, so I guess generally the TCP protocol is used directly so that the better performance can be achieved, right?
    5 Given 3 computers within the same LAN, can the client, proxy, server environment above be correctly simulated? If so, can you recommend me some typical proxy program so that I can install it to configure such an environment to perform some test?
    6 I guess there should be some software to find out which port number a given program/process is going through to connect to the remote machine, and which port number a given program/process is listening on? Also, what protocol is used in the given communication.
    7 Finally, regarding each of the above questions, it will be highly appreciated if you can recommend some references, tutorials, books etc. In summary, what I care about is how to enable the Java client behind the proxy and firewall to communicate with the remote server without problems, so if you know some good tutorials plz let me know and thx in advance!
    Finally, thanks for your attention to such long questions =).

    > FTP is to 25. But it is NOT necessary for the web server to provide the HTTP listening service at port 80, right? E.g., Tomcat provides the HTTP listening service at 8080. So it means the default relationship between the application protocol and their port is some routine, which is not necessary to follow, right?
    Not sure what you're saying here.
    There must be a server listening on some port. The client must know what port that is. If you open the connection using the Socket class, you'll explicitly specify the port. If you use some higher level class like URLConnection or something in the commons Net package, there's probably a default port that will be used if you don't explicitly specify another.
    There's no way for the client to know that the HTTP request will go to port 80 instead of port 8080. If you think the client contacts the server without explicitly naming a port, and then asks the server "get me your HTTP server", and the port is determined from that, you're mistaken.
    Not sure if you're thinking that, but it sounded like you might be.
    > 2 Assume a LAN connected to the internet through a proxy, which only allows HTTP protocol, then questions are:
    > 2.1 Does the proxy recognize the HTTP request from the client by the port number (carried in the request string)? For example, when the server provides the HTTP listening service at 80, then the request from the client will include the port number 80, then the proxy will parse such info and decide if or not the request can be out.
    I'm not sure, but I think most proxies and firewalls are configured by ports. I thought I'd heard of more sophisticated, higher-level ones that could understand the content to some degree, but I don't know anything about those.
    > 3 In a Java program, if using the HTTP protocol, then on the client: the corresponding API is java.net.URLConnection, right?
    That's one way.
    You might want to look into this:
    http://jakarta.apache.org/commons/httpclient/
    > If using the TCP protocol directly, then on the client: the corresponding API is java.net.Socket, right? In both cases, the server side uses the same API, java.net.ServerSocket?
    A Java client will use Socket, and a Java server will use ServerSocket and Socket.
    > Is it correct to say that the communication by Socket is faster than URLConnection?
    Probably not.

  • SSL Required but Microsoft says the directory can't have SSL enabled?

    I am confused? iPhone is requiring an SSL connection to the Exchange server, however, Microsoft's KB's are saying the Exchange directory that OMA and ActiveSync talks to cannot have SSL enabled, which means the iPhone will be attempting to sync through port 80?
    How are we suppose to use this technology with SSL, if the Exchange directory is configured for non-SSL connections. They are even going as far as telling you to set up a secondary virtual Exchange directory with SSL disabled, leaving WebAccess connections SSL enabled...

    Mr Upson wrote:
    But, I am still confused, why would Apple enable SSL to an option that Microsoft is not even allowing to begin with? If the virtual directory cannot have SSL enabled, why would Apple think differently?
    ActiveSync has allowances for SSL for certain components of access. I don't know which parts, but I can assure you that all phones that I have ever dealt with (most of those being Windows Mobile based) have SSL as the default checked option while configuring.
    I had a full bar of power this morning that was charged over night and with Active Sync enabled for my Calendar and Contacts, I am now at 10% battery life.
    This has become more of a problem than a solution....
    I would have no idea what would be causing that. I have full push services on for both Exchange (everything synced) alongside MobileMe. Now I don't use SSL, but all that does is force communications over a different port - I seriously doubt that usage of data differs whether or not SSL is used. I can tell you that I do not experience the same type of drain you describe unless you are heavily using things like YouTube or other services over Wi-Fi.

  • Can port 25 be used for SSL-enable SMTP server ?

    Hi,
    Our customer is using port 25 for an SSL-enabled SMTP server without a certificate. When our email client tried to connect to it, the following exception was thrown:
    DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
    1) with port 25, got the same exception as above;
    2) with port 465, worked fine;
    3) with any other randomly picked valid port, worked fine.
    This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
    Your help will be appreciated.

    Yes, port 25 is intended for non-SSL servers only, although that doesn't
    prevent a client from making a plain text connection and then using the
    STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
    supports that usage.
    You can configure JavaMail to use port 25 for SSL connections if you
    really want to. JavaMail 1.3.x requires you configure an appropriate
    socket factory to get SSL connections; you can configure whatever port
    you want for use with that socket factory.
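
    The distinction drawn in the answer above, as an added diagnostic that is not part of the original thread: a listener that greets in plaintext (the usual port 25 behaviour) makes an immediate TLS handshake fail, which is the condition behind "Unrecognized SSL message, plaintext connection?", while the same listener may still offer STARTTLS. The function names, the constructed local listener and the `mail.example.test` host name are assumptions made for this example.

```python
import socket
import ssl
import threading

def start_fake_smtp(advertise_starttls):
    """Constructed plaintext SMTP listener on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def handle(conn):
        try:
            with conn:
                conn.sendall(b"220 mail.example.test ESMTP\r\n")
                if conn.recv(4096).upper().startswith(b"EHLO"):
                    ext = b"250-STARTTLS\r\n" if advertise_starttls else b""
                    conn.sendall(b"250-mail.example.test\r\n" + ext + b"250 SIZE 1000\r\n")
        except OSError:
            pass  # client went away (e.g. after a failed TLS handshake)
    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def read_reply(sock):
    """Read one SMTP reply; its final line has a space after the 3-digit code."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
        if buf.endswith(b"\r\n") and buf.split(b"\r\n")[-2][3:4] == b" ":
            break
    return buf.decode("ascii", "replace")

def probe(host, port, timeout=3.0):
    """Classify a mail port: implicit-tls, plaintext+starttls, plaintext-only, unknown."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic only: tests whether the port speaks
    ctx.verify_mode = ssl.CERT_NONE  # TLS at all; never use this context to send mail
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "implicit-tls"
    except OSError:
        pass  # a plaintext "220 ..." greeting is not a TLS record, so the handshake fails
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not read_reply(s).startswith("220"):
                return "unknown"
            s.sendall(b"EHLO probe.example.test\r\n")
            lines = read_reply(s).upper().splitlines()
    except OSError:
        return "unknown"
    if any(line[4:] == "STARTTLS" for line in lines):
        return "plaintext+starttls"
    return "plaintext-only"
```

    A result of "plaintext-only" means mail sent to that port travels unencrypted, whatever the client is configured to prefer.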

  • Configure SSL in J2SE Plain adapter

    I tried to configure SSL in J2SE Plain adapter. (7.0)
    I've generated a certificate file "certif_file.cer" and
    while I put in GUIBrowserEngine Property File the following
    line:
    HTTP.SSLcertificate=F:\tech_adapter_70\certif_file.cer
    I've got the following error message:
    16:19:10 : Error(s) in GUIBrowserEngine configuration
    parameters found:
    ERROR: Certificate file 'F: ech_adapter_70certif_file.cer' not
    found, must quit!
    It seems that something wrong with my definition of full path
    to this file. But I do not find from SAP Library any solution
    about this problem.
    Could you help me?

    Hi Boris,
    Please try to give the full path using backslash '/' :
    e.g.  F:/tech_adapter_70/certif_file.cer
    I hope it will work.
    The J2SE Adapter Engine uses SSL only for communication line encryption, not for client and server authentications. Since this is a drawback with respect to security, you should use the J2EE Adapter Engine in insecure environments.
    All configuration data for the Plain J2SE Adapter Engine is maintained in flat property files. The file for the engine administration data itself is located in the following directory:
    <installation directory>/tech_adapter/BaseConfiguration
    The file for the adapter configuration data is located in the following directory:
    <installation directory>/tech_adapter/Configuration
    The adapters of the Plain J2SE Adapter Engine are configured locally and not in the Integration Directory. Exchanged messages are also stored directly in the file system.
    Therefore, ensure that only the operating system user, who has started and therefore owns the adapter engine process, can read the property files and has access to the directories used for message exchange.
    *Pls: Reward points if helpful*
    Regards,
    Jyoti
    Edited by: Jyoti Acharya on Dec 19, 2007 5:05 PM
