CSS11506 offloading SSL, Websphere and IE 6 SP2

Similar Messages

• ACE Appliance SSL Offload: IE 7 / and other browser issues

  I'm using a pait of ACE's to offload SSL from our web sites. I'm using the server reuse function on the ACE, I have the SSL certifiates working, in that you can connect to the site using SSL and the certs check out, etc..
  The problem is: Some of our customers are experiencing issues particularly in IE7, where they will get partial page loads. I have reproduced it, and what I see is the page never seems to finish loading, When I sniff the outside stream I see resets coming back from the server side (ie the ACE.). Anyone have any thoughts? Or things to look at?
  Thanks,
  Geoff

  further information: I turned off server reuse and the problem diminished. there are still some long pauses in page updates but that could be server wait times. So anyone have any idea how I can tune server-reuse? or check what might be causing this issue.
  -Geoff

• Single Inbox on Unity Connection 8.5 and Exchange 2003 SP2

  Hi,
  We have Unity Connection 8.5 (with SU2) and Exchange 2003 SP2
  We want to setup the Single Inbox feature that works well with Exchange 2007 and 2010, but my customer is running Exchange 2003 SP2.
  We met all of the requirements outlined in: http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/requirements/8xcucsysreqs.html#wp459928
  I configure a new "Unified Messaging Services" profile for Exchange using Exchange 2003 and enabled for Single Inbox.  When I run "Test" it displays the following errors (other validation is successfully)
  The service port for IMAP is not functioning.      
  The system failed to connect to the server with a socket connection through port beatles.clubone.com:993. The error is error:0200206F:system library:connect:Connection refused. Refer to the tomcat log file for more details. If you are using secure connection, confirm that SSL is enabled on the server.
  Why is it trying to connect using IMAP, that wasn't the case when I used for Exchange 2007 or 2010 when IMAP was not enabled.
  Is there something else I'm missing for configuration with Unity Connection to support Single Inbox with Exchange 2003 SP2?
  Thank you!
  -rya

  Hi Rya,
  I just wanted to add my +5 vote for this great catch by Aaron (nice work "A")
  If you are going to upgrade to Unity Connection 8.6
  Check out this great doc from Saurabh for the refresh upgrade notes to 8.6.
  https://supportforums.cisco.com/community/netpro/collaboration-voice-video/unified-comm-application/blog/2011/08/11/checklist-before-upgrading-to-unity-connection-86
  Cheers!
  Rob
  "Show a little faith, there's magic in the night" - Springsteen

• How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS

  Hi
  I have read the article on SDN called "How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS", which is also the name of my posting.
  The reason why I post this is that I've tried to follow the links in the PDF to get the file WebsphereEpSsoLib.zip but I get an error 403, which tells me that the file is not there.
  Does anybody know where this file went or can somebody tell me an alternative place to get this file?
  Jacob

  Please open the associated whitepaper, and you can find the download link to the .ZIP file on page 4.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ibm/how to set up single sign-on between an ibm websphere portal and the sap enterprise portal using jaas.pdf
  Hope that works!
  Elise

• Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

  when Update to 10.7.2 ,I cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.
  OS:10.7.2
  Macbook Pro 2010-mid 13inch

  I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
  Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
  I'm also using a Macbook Pro 13-inch mid 2010.

• Transaction Isolation level in WebSphere and JBOSS???

  Hi,
  How to set up the transaction isolation level in Websphere and JBOSS???
  In weblogic, we can set it in weblogic-ejb-jar.xml. Is there any other file where we can set the isolation level in websphere and jboss???
  What is the difference between all the 4 isolation levels such as
  1) Transaction_committed
  2) Transaction_uncommitted
  3)Transaction_Repeatable_read
  4)Transaction_serializable
  Thanks,
  JavaCrazyLover

  In WebSphere 5.1 you can set the isolation level using resource reference. The following link describes the steps involved in this operation. I am not aware how to do the same thing in JBoss.
  Regards,
  Neo

• SSL certificates and Web Services Usage inside Oracle Database Questions!

  We have implemented a specific business logic using PL/SQL for our client, so we open a file and process each line of this, doing something in the Database and also call a Web Services (Service1) using UTL_HTTP package. Service1 runs in a Windows 2008 Server in the DMZ as Database server.
  Service1 is already working, and we can call the service from PL/SQL without troubles.
  However, according with security client's policies they requires all Web services be consumed via https including Service1, so we must to follow the procedure established for Oracle in order to enable the calling of service1 via https from the Database.
  Our client's DBA and IT Team are concerned about two subjects before to continue to follow the certificate installation:
       - SSL Certificates:
  1- Can installed certificates in the Database put in risk the stability of the database?
            2- Can installed certificates in the Database generate performance issues?
            3- Can installed certificates reloading the Databases?
            2- Can installed certificates in the Database generate security issues?
       - Web services:
  1- Can web services calling from the Database put in risk the stability of the database?
  2- Can web services calling from the Database generate performance issues?
  3- Can web services calling from the Database generate security issues in the DMZ?
  Could you please give us any clues, about the possible negative impact related with the SSL certificates and Web Services Usage inside Oracle Database, if it’s the case this impact exists?.
  Those are the links describing the procedure mentioned above.
  1 -http://www.kotti.es/2009/11/oracle-wallet/
  DB: Oracle 9i.
  Average number of lines in file: 300
  Periodicity: Twice at day.

  Thiago:
  You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
  I am not aware of a PL/SQL utility to create a XMLDsig Standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
  http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
  Regards,
  Jason

• SSL Accelerators and WLS???

  The web applications that I'm being asked to build will involve heavy
  use of SSL encryption thoughout. In fact, most of the user interactions
  will be handled over an SSL connection. I know what heavy SSL traffic
  can do to CPU utilization...
  One of the architectural components that we are considering is the use
  of hardware SSL accelerators. We're considering this as a way to make
  the user interaction snappier and to support more concurrent users on a
  single web/app server.
  The one that we are considering is nFast from http://www.ncipher.com/.
  It supports Netscape Enterprise on Solaris, which is our probable
  development/deployment environment. This would, of course, preclude us
  from using WLS as the web server.
  Question #1: In heavily SSL-ified web applications, does BEA reccomend
  the use of an external web server, or will WLS-as-http-server handle the
  job just as well as NES? What experiences have people had using
  WLS-as-http-server in SLL-intensive environments?
  Question #2: Are there any SSL accelerator products out there that
  support the WLS HTTP server? I doubt there are, but it couldn't hurt to
  ask.
  Question #3: By using an external web server (NES on Solaris, for
  example) is there a noticable decrease in servlet performance due to the
  fact that your servlets are now running in a separate process?
  Thanks for your feedback,
  jason

  We are using this box in production. Its very simple, it significantly
  increases load times, and it simplifies the backend architecture since you
  wont have to worry about https, every request is turned into an http
  request. Its around 13K, but I would think the benefits are worth the money
  for anything but lightly loaded sites.
  -eric
  [email protected]
  "Herman Burema" <[email protected]> wrote in message
  news:[email protected]..
  Intel seems to have an interesting product. It's called IntelNetstructure
  7180 e-Commerce Director. It's a bit pricy. Please let me know if anyoneknows
  an alternative.
  http://www.intel.com/network/products/director_7180.htm
  Russell Castagnaro wrote:
  Aren't there some products that just do all of the SSL and the server
  just
  acts like a standard http server??
  Bryan O'Sullivan wrote:
  j> me 4
  We are aware that customers want this feature, don't worry. The
  problem is that the integration between Java SSL products and hardware
  from vendors like Rainbow and NCipher is immature at the moment, so
  it's a lot of work for us to get this done.
  It is pretty high on our list, though, so you will see something just
  as soon as we've built and tested it.
  <b
  Let us pray:
  What a Great System.
  Please Do Not Crash.
  ^G^IP@P6--
  Russell Castagnaro
  Chief Mentor
  SyncTank Solutions
  http://www.synctank.com
  Earth is the cradle of mankind; one does not remain in the cradleforever
  -Tsiolkovsky

• Java Websphere and Weblogic

  Can any one explain or what type of applications are being developed by
  java websphere and weblogic ,also is there any sample project or source
  url please inform me?
  Thanks
  Arun

  websphere and weblogic are j2ee container implementations by IBM and BEA respectively. They are ment to host j2ee application complient to the j2ee spec. You can develop any kind of applications on these servers as long as they comply to j2ee spec. Both these servers provide various extensions to j2ee such as tools and APIs to make development for these server easier.

• SSL Session and Connection

  What is the difference between SSL Session and Connection. I understand, that session is negotiation of parameters and connections are built upon the sessions. But please help me understand, how it works in practicaly as in when using a Any connect client or browser, how does it function.

  How about something like:
  // It appears there may be issues with TLS...
  // so to prevent it from being used, we'll be
  // specific...SSLv3
  SSLContext context = SSLContext.getInstance("SSLv3");
  context.init(kmFactory.getKeyManagers(), null, null);
  SSLSocketFactory ssf = context.getSocketFactory();
  com.sun.net.ssl.HttpsURLConnectionHttpsURLConnection.setDefaultSSLSocketFactory(ssf);
  That do ya?
  -michael

• Websphere and weblogic version

  hi everybody,
  Can anyone please say me the free version of websphere and weblogic that supports the
  oracle waveset/sunIDM8.1version.
  Please anyone help me out from this issue.
  Thanks,
  Tarun.

  From: http://docs.oracle.com/cd/E19225-01/820-5592/820-5592.pdf
  Here are the supported application servers that can be used with Sun IDM 8.1 (see below).
  Of course, instead of Sun IDM 8.1 you should utilize Oracle Waveset 8.1.1 and then apply the latest patch, which is 8.1.1.8. This is the latest possible version and contains all possible fixes and enhancements.
  Note: If you run the latest patch version of Sun IDM 8.1 (8.1.0.15) it also supports (from the 8.1.0.15 Rel Notes):
  IBM WebSphere 7.x application server can now be used with Identity
  Manager. (ID-13555125) 8.1.0.15
  If you have any additional questions please let me know.
  ==========
  Application Servers
  The application server you use with Identity Manager must be Servlet 2.2-compliant and
  installed with the included Java platform (unless noted as follows). Identity Manager requires
  Java SE Development Kit (JDK) 5 or 6 on the following application servers, if the application
  server supports these versions.
  ■
  Apache Tomcat 5.5.x, 6.0.x
  ■
  BEA WebLogic Server 9.1, 9.2, 10
  ■
  IBM WebSphere 6.1
  ■
  JBoss Application Server 4.2
  ■
  Oracle® Application Server Enterprise Edition 10g Release 3 (10.1.3)
  ■
  Oracle Application Server Standard Edition 10g Release 3 (10.1.3)
  ■
  Sun Java
  TM
  System Application Server 9.1 (GlassFish
  TM
  v2 UR1, v2 UR2, v2.1 32-bit and
  64-bit)
  ■
  Sun Java System Application Server Platform Edition 8.1, 8.2, 9.0
  ■
  Sun Java System Application Server Enterprise Edition 8.1, 8.2
  ■
  Sun Java System Application Server Standard Edition 8.2
  Note–
  ■
  If your current application server does not support JDK 5, please check with your vendor to
  examine the implications of upgrading to one that does before installing Identity Manager.
  ■
  Identity Manager requires a JDK that correctly handles the 2007 adjustments to U.S.
  Daylight Savings Time (DST). You must install any relevant DST patches for the JDK
  version you are using. For Sun JDK 5, Update 15 contains the necessary DST fixes. All
  versions of Sun JDK 6 contain the necessary DST fixes.
  ■
  You can run Identity Manager on BEA WebLogic application servers with all
  WebLogic-supported 5 JDKs.
  ==========

• Unable to monitor SLES 10 SP4,SLES 11 SP3 and SLES 11 SP2 via SCOM 2012 R2

  Hi ,
  I am unable to get SLES 10 SP4, SLES 11 SP3 and  SLES 11 SP2 under SCOM 2012 R2 monitoring. The PAM ,glibc and openssl are at the right versions.
  Per the documentation SCOM MP for unix/Linux provides monitoring of SUSE Linux Enterprise
  Server 9, SUSE Linux Enterprise Server 10 SP1, and SUSE Linux Enterprise Server 11 operating systems. Does this mean it cannot monitor SP2, SP3 and SP4 for the same Operating systems?
  Plat form not supported is the error which I get.
  Thank you much,

  There should not be any problems with monitoring SLES 10 SP4 or SLES 11 SP2/SP3. If you are getting a "platform not supported" error, it may be that the right management packs have not successfully imported. Can you give more details on when
  you get the error, and the management pack versions that you have installed?  And what Update Rollup (UR) for OpsMgr do you have installed?  The latest is UR4, and the Linux/UNIX management packs for UR4 are here: 
  http://www.microsoft.com/en-hk/download/details.aspx?id=29696 .  Be sure to download the version for "R2".
  Michael Kelley, Lead Program Manager, Open Source Technology Center

• SSL termination and redirect

  We have moved SSL termination to a loadbalancer (F5) from the Sun webservers. The load balancer after terminating SSL goes to the http listener on the webservers. We have some NSAPI code that does a redirect. It used to do the redirect based on the original scheme of the listener (if http then the redirect was http based. If https then redirect https). Of course, now all redirects come back http even though the user may have an https session.
  For weblogic we can feed a header from the F5 (WL-PROXY-SSL) and it would recognize that a load balancer was used for SSL termination and perform java redirects using the correct scheme. Is there any header like this I can feed to the Sun Webserver so it recognizes that a loadbalancer has terminated the SSL session and any redirects should be https?

  It might be easiest to configure separate HTTP listeners (e.g. separate ports) for SSL and non-SSL requests. You can configure which scheme should be used in self-referencing URLs (such as those used in redirects) per HTTP listener. In Sun Java System Web Server 7.0, you can do that using the admin GUI, CLI, or by editing the server.xml configuration. If you edit server.xml, you need to specify the <server-name> element in the appropriate <http-listener> element.

• Disable SSL v2 and weak cipers on a RV325 for PCI compliance

  How do you disable SSL v2 and weak cipers on a RV325 to become PCI compliant?

  Hello
  per Cisco RVS4000 product site information this router is already end of life since January 30, 2010. Last date of support is also already missed - April 30, 2013. This means that according Cisco policy no further updates to existing firmware will be done - neither security-related fixes. And I am afraid that this is fact with which you have to deal.
  regarding RV320 - it seems that there is no any possibility to restrict SSL/TLS protocol/version by your own in current version. Francis - I would recommend you to open service request to Cisco SMB Support if you still have valid support contract. I hope there is good chance to get it fixed as this security related inability.
  lastly - for all products (including RVS4000) - I would suggest to keep management interface of router separated most as possible - i.e. restrict access to management interface only to single subnet/host(s) only (via Firewall feature). With having administration/management subnet and certain client(s) which is a part of this subnet can help to avoid eavesdropping your connection to router. Of course disabling remote management is the best thing you can do in any case (including avoid of possible firmware bugs, loggin attempts and so on).

• What SSL accelerator and load-balancer does anyone recommend?

  Hi:
  I wanted to find out:
  Does anyone recommend SSL accelerator cards/boards or SSL accelerator appliances?
  What SSL accelerator and load balancer does aynone recommend to help 9iAS?

  Ana_Alm wrote:
  Hi there!
  I just downloaded and installed OS X Lion, and I'm loving it so far.
  However, I've seen that Mountain Lion will have some new features when it comes to social apps (what I call the ones that combine twitter, facebook, rss readers and so on).
  So, does anyone knows any cools apps for that? I'm currently using Socialite, that combines all those three, but it has a few issues I don't particularly like. Plus, I'm using Adium for a msn client. I'm also thinking about downloading that beta version of "Messages" that will be realeased on Mountain Lion.
  So, what do you think? Give me your ideas
  Thanks a lot in advance!
  As Mountain Lion has not been released to the public yet, then most of us have no idea which companies have updated the development of their Apps for  ML. It is in Development phase so any App you try is at your own risk.
  Good Luck
  Pete