Error with default SSL port (443) on Solaris

Hi all
I would like to config default SSL port 443 on Solaris but I found this error. What is the problem?
I use WebLogic 8.1 sp3
SSL port : 443
Unable to create a server socket on Channel Default for port: 443. java.net.BindException: Permission denied Perhaps another process is using port 443
I dont sure about permission. How can I do?

Oh I can use root start weblogic and I can use 443 port, but when I use other users. I can't use 443 port

Similar Messages

Created zone with defaults won't boot completely (Solaris 10, Update 1)

If I create a zone with defaults, i.e. allowing the zone to inherit the typical package dirs, the resulting zone does not boot completely. When I attach to the zone via zlogin, the zone looks to be in an administrative state. It never boots to a point where one would typically enter in the initial configuration info, e.g. timezone and root password.
However if I create the zone after first removing the inherited dirs, the zone boots to a state where it subsequently can be confiured and fully booted.
Looks as if the SMF facilities are not fully initialized when the zone is configured to inherit its packages. This could be a red herring as I'm a newbie who's moved over from Linux and starting to understand SMF specifically and Solaris in general.
I did not have this problem with Solaris 10. I've just installed Solaris 10 Update 1; the problem seems specific to that installation. I reinstalled and the problem persists.

I snipped the output because there were some errors, which on retrospect seems to have been a silly decision. I repeated the process and captured the missing output:
# zoneadm -z foo install
Preparing to install zone <foo>.
Creating list of files to copy from the global zone.
Copying <5913> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <942> packages on the zone.
Initialized <942> packages on zone.
Zone <foo> is initialized.
Installation of <1> packages was skipped.
Installation of these packages generated warnings: <SUNWxwfnt
SUNWxwplt SUNWxwcft SUNWjxmft SUNWxwpls SUNWpmowu
SUNWxilrl SUNWolrte SUNWi13rf SUNWi15rf SUNWi2rf SUNWi5rf
SUNWi7rf SUNWi9rf SUNWtxfnt SUNWdoc SUNWi1of SUNWi4rf
SUNWi8rf SUNW1251f SUNWarrf SUNWxwoft SUNWxwxst
SUNWkoi8f SUNWasu SUNWxrpcrt SUNWasac SUNWasdb
SUNWasut>
The file </zone/foo/root/var/sadm/system/logs/install_log> contains a log of the zone installation.The packages are related to App development and X11. I don't see any that might be related to SMF.
The logfile is too large to post at over 37K lines. However there seemed to be a pattern to the package failures. Hopefully these greps highlight the important messages:
# grep "partially failed" /zone/foo/root/var/sadm/system/logs/install_log
Installation of <SUNWxwfnt> on zone <foo> partially failed.
Installation of <SUNWxwplt> on zone <foo> partially failed.
Installation of <SUNWxwcft> on zone <foo> partially failed.
Installation of <SUNWjxmft> on zone <foo> partially failed.
Installation of <SUNWxwpls> on zone <foo> partially failed.
Installation of <SUNWpmowu> on zone <foo> partially failed.
Installation of <SUNWxilrl> on zone <foo> partially failed.
Installation of <SUNWolrte> on zone <foo> partially failed.
Installation of <SUNWi13rf> on zone <foo> partially failed.
Installation of <SUNWi15rf> on zone <foo> partially failed.
Installation of <SUNWi2rf> on zone <foo> partially failed.
Installation of <SUNWi5rf> on zone <foo> partially failed.
Installation of <SUNWi7rf> on zone <foo> partially failed.
Installation of <SUNWi9rf> on zone <foo> partially failed.
Installation of <SUNWtxfnt> on zone <foo> partially failed.
Installation of <SUNWdoc> on zone <foo> partially failed.
Installation of <SUNWi1of> on zone <foo> partially failed.
Installation of <SUNWi4rf> on zone <foo> partially failed.
Installation of <SUNWi8rf> on zone <foo> partially failed.
Installation of <SUNW1251f> on zone <foo> partially failed.
Installation of <SUNWarrf> on zone <foo> partially failed.
Installation of <SUNWxwoft> on zone <foo> partially failed.
Installation of <SUNWxwxst> on zone <foo> partially failed.
Installation of <SUNWkoi8f> on zone <foo> partially failed.
Installation of <SUNWasu> on zone <foo> partially failed.
Installation of <SUNWxrpcrt> on zone <foo> partially failed.
Installation of <SUNWasac> on zone <foo> partially failed.
Installation of <SUNWasdb> on zone <foo> partially failed.
Installation of <SUNWasut> on zone <foo> partially failed.and# grep "not installed" /zone/foo/root/var/sadm/system/logs/install_log
*** package <SPROmrdwf> was not installed:
*** package <SPROdwrfb> was not installed:
*** package <SPROlang> was not installed:
*** package <SPROlangx> was not installed:
*** package <SPROdwrfx> was not installed:
*** package <SPROsbld> was not installed:
*** package <SPROsbldx> was not installed:
*** package <SPROrdbkb> was not installed:
*** package <SPROrdbkx> was not installed:
*** package <SPROcc> was not installed:
*** package <SPROutool> was not installed:
*** package <SPROmrcc> was not installed:
*** package <SPROmrcom> was not installed:
*** package <SPROmr3m> was not installed:
*** package <SPROmrtcv> was not installed:
*** package <SPROm9xs> was not installed:
*** package <SPROsunms> was not installed:
*** package <SPROsmsx> was not installed:
*** package <SPROsmpx> was not installed:
*** package <SPROmrsbe> was not installed:
*** package <SPROsbe> was not installed:
*** package <SPROpnsn> was not installed:
*** package <SPROfd> was not installed:
*** package <SPROupdck> was not installed:
*** package <SPROcpl> was not installed:
*** package <SPROcplx> was not installed:
*** package <SPROcmpl> was not installed:
*** package <SPROtlbn7> was not installed:
*** package <SPROtll7> was not installed:
*** package <SPROtl7x> was not installed:
*** package <SPROtll7x> was not installed:
*** package <SPROscl> was not installed:
*** package <SPROsclx> was not installed:
*** package <SPROmrstd> was not installed:
*** package <SPROmrcpl> was not installed:
*** package <SPROstl4h> was not installed:
*** package <SPROstl4a> was not installed:
*** package <SPROstl4o> was not installed:
*** package <SPROstl4x> was not installed:
*** package <SPROstl4y> was not installed:
*** package <SPROftool> was not installed:
*** package <SPROl90> was not installed:
*** package <SPROl90x> was not installed:
*** package <SPROl90s> was not installed:
*** package <SPROl90sx> was not installed:
*** package <SPROf90> was not installed:
*** package <SPROmrftn> was not installed:
*** package <SPROgc> was not installed:
*** package <SPROlgc> was not installed:
*** package <SPROgcx> was not installed:
*** package <SPROlgcx> was not installed:
*** package <SPROdbx> was not installed:
*** package <SPROdbxx> was not installed:
*** package <SPROjdbx> was not installed:
*** package <SPROjdbxx> was not installed:
*** package <SPROmrdbx> was not installed:
*** package <SPROdemo> was not installed:
*** package <SPROdmake> was not installed:
*** package <SPROmrdmk> was not installed:
*** package <SPROtdemo> was not installed:
*** package <SPROmride> was not installed:
*** package <SPROdbxui> was not installed:
*** package <SPROsvc> was not installed:
*** package <SPROxdplg> was not installed:
*** package <SPROidext> was not installed:
*** package <SPROjnsnb> was not installed:
*** package <SPROjnsrt> was not installed:
*** package <SPROjnsup> was not installed:
*** package <SPROctags> was not installed:
*** package <SUNWnbide> was not installed:
*** package <SUNWnbcpp> was not installed:
*** package <SUJAnbcpp> was not installed:
*** package <SUZHnbcpp> was not installed:
*** package <SUNWexted> was not installed:
*** package <SUJAexted> was not installed:
*** package <SUZHexted> was not installed:
*** package <SPROnbreg> was not installed:
*** package <SPROfdxd> was not installed:
*** package <SPROmrxd> was not installed:
*** package <SPROgvim> was not installed:
*** package <SPROxmbin> was not installed:
*** package <SPROxmshr> was not installed:
*** package <SPROxmsrc> was not installed:
*** package <SPROmrxm> was not installed:
*** package <SPROprfan> was not installed:
*** package <SPROmrpan> was not installed:
*** package <SPROprfax> was not installed:
*** package <SPROprflb> was not installed:
*** package <SPROprflx> was not installed:
*** package <SPROprfgn> was not installed:
*** package <SPROmrpgn> was not installed:
*** package <SPROhtbas> was not installed:
*** package <SPROhttl7> was not installed:
*** package <SPROhtstd> was not installed:
*** package <SPROhtxd> was not installed:
*** package <SPROdwrfs> was not installed:
*** package <SPROrdbks> was not installed:
*** package <SPROctsrc> was not installed:
*** package <SPROplg> was not installed:
*** package <SPROpl> was not installed:
*** package <SPROplx> was not installed:
*** package <SPROpls> was not installed:
*** package <SPROplsx> was not installed:
*** package <SPROmrpl> was not installed:These messages seem to be inline with the general output captured from the zone install itself.
> What does "svcadm list -vc" give you when you started the zone ?
I took that as a typo, instead using "zoneadm?"
# zoneadm list -vc
ID NAME             STATUS         PATH
   0 global           running        /
   7 foo              running        /zone/fooThe zone is not on its own slice, however "/zone" is mounted as a loopback from /export/zone. I don't think that's a problem since the zone install seems to work if I don't inherit packages. Unless perhaps its a nesting level of lofs's.
FWIW,
# mount |grep zone
/zone on /export/zone read/write/setuid/devices/dev=1540000 on Fri Feb 24 16:10:55 2006
/zone/foo/root/dev on /zone/foo/dev read/write/setuid/devices/zonedevfs/dev=4640007 on Tue Feb 28 13:13:03 2006
/zone/foo/root/lib on /lib read only/setuid/nodevices/nosub/dev=dc0440 on Tue Feb 28 13:13:03 2006
/zone/foo/root/platform on /platform read only/setuid/nodevices/nosub/dev=dc0440 on Tue Feb 28 13:13:03 2006
/zone/foo/root/sbin on /sbin read only/setuid/nodevices/nosub/dev=dc0440 on Tue Feb 28 13:13:03 2006
/zone/foo/root/usr on /usr read only/setuid/nodevices/nosub/dev=dc0440 on Tue Feb 28 13:13:03 2006
/zone/foo/root/proc on proc read/write/setuid/nodevices/zone=foo/dev=4400007 on Tue Feb 28 13:13:06 2006
/zone/foo/root/system/contract on ctfs read/write/setuid/nodevices/zone=foo/dev=43c0008 on Tue Feb 28 13:13:06 2006
/zone/foo/root/etc/svc/volatile on swap read/write/setuid/nodevices/xattr/zone=foo/dev=448000e on Tue Feb 28 13:13:06 2006
/zone/foo/root/etc/mnttab on mnttab read/write/setuid/nodevices/zone=foo/dev=4440008 on Tue Feb 28 13:13:06 2006

How do i temporarily disable TLS/SSL port 443 going to server on CSS

We are having issues with truncating packets that go through the CSS
I did a capture after the CSS and there is truncation............however i cant read it before the since everything is encrypted.
They hit vip address 172.20.120.16. on the CSS and get redirected to 2 servers depening on what the url says
They server team would like to turn it off just to test..i tried removing
"add service ARR-public-ssl" from the contetn below and we lost http and https to the server
so in essence i want to try and turn the 443 connection to a port 80---than it goes to port 7777 backend to 172.20.212.6
content BYE-WEB-SSL
   vip address 172.20.120.16
   protocol tcp
   port 443
   advanced-balance ssl
   application ssl
   add service ARR-public-ssl
   active
ssl-server 40
ssl-server 40 rsacert byetest
ssl-server 40 vip address 172.20.120.16
ssl-server 40 cipher rsa-with-rc4-128-sha 172.20.120.17 80
ssl-server 40 cipher rsa-with-rc4-128-md5 172.20.120.17 80
ssl-server 40 urlrewrite 1 *
ssl-server 40 cipher rsa-with-3des-ede-cbc-sha 172.20.120.17 80
ssl-server 40 rsakey byekey
backend-server 50
backend-server 50 type initiation
backend-server 50 server-ip 69.xxx.xxx.xxx
backend-server 50 ip address 69.xxx.181.xxx
backend-server 50 rsacert byetest
backend-server 50 rsakey byekey
active
!************************** SERVICE **************************
service TIE-SSLINIT
protocol tcp
ip address 69.xxx.xxx.xxx
keepalive type tcp
keepalive port 443
slot 2
type ssl-init
add ssl-proxy-list HR-SSL
active
owner PublicBYE
content BYE-WEB-ARRR
    vip address 172.20.120.17
    protocol tcp
    port 80
    url "/arr*"
    advanced-balance arrowpoint-cookie
    balance aca
    arpt-lct http-100-reinsert
    add service BYE-ods-web1
    active
content BY-WEB-TIX
    protocol tcp
    port 80
    url "/tix*"
    advanced-balance arrowpoint-cookie
    balance aca
    arpt-lct http-100-reinsert
    add service BYE-ods-web2
    vip address 172.20.120.17
    active
content BYE-WEB-TIX-CLEARTEXT
    add service TIX-SSLINIT
    vip address 172.20.120.19
    protocol tcp
    port 80
    active
content BYE-WEB-Nav
vip address 172.20.120.17
protocol tcp
port 80
url "/na*"
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
service BYE-ds-web1-ssl
ip address 172.20.212.5
port 443
keepalive type ssl
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYEos-web2-ssl
ip address 172.20.212.6
port 443
keepalive type ssl
active

CSS11506# sh ver
Version:               sg0810205 (08.10.2.05)
Flash (Locked):        08.10.1.06
Flash (Operational):   08.10.2.05
Type:                  PRIMARY
Licensed Cmd Set(s):   Standard Feature Set
                       Secure Management
Yeah..if done a packet trace before it hits the CSS and after......the only issue is that everything is engrypted before it hits the LB so i cant really read anythign....i did a pacet trace after the LB and on the Server itself its seems we get this
I thought i saw some bug info from cisco but i cant tell if its related
CSCsx05640—When you configure the CSS for a Layer 5 (L5) content rule and it receives an HTTP method POST with the HTTP header in one packet that is quickly followed by many packets of POST data or payload, it could fail to deliver all the data to the back-end server. The CSS Flow Manager (FM) application could incorrectly handle the POST and the data packet as a spanned content request and could cause the data to be mishandled. Workaround: Use less than 1-Gb connections in the network; a 100-Mb link does not exhibit this issue.
As you can see after the content-length..........nothing comes across........sometimes addtional stuff will come in ...but usually nothing
Is there a bug related to this on the CSS?
POST /TIXX/DocumentRepository_Service HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="urn:ihe:iti:2007:ProvideAndRegisterDocumentSet-b"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: www.xxxxxxxxxxxx.net
Content-Length: 9044

Synching error with different USB port

I set up my iPhone and had no problems synching with iTunes. I then changed to a different USB port than the one I had originally used. I began to recieve the following error when I tryed to synch "0xE800001". I then switched to a different usb port and everything worked fine.
Is there any way to get iPhone to work with the new usb port because that is the only port that charges when my computer is off.

Check out article below for tips and suggestions
iPhone: Troubleshooting USB connections
http://support.apple.com/kb/TS1286
Make sure you perform all Vista Software updates, also visit your PC manufacture website and download and install latest drivers for your PC hardware.
Also ensure you are not connecting via a USB Hub or using a USB extension cable.
If it only gives that error message in 1 USB port and not others. Try disconnecting any un-needed USB devices. Then connect back to that port and try syncing again.

Critical error with default host

Hi,
I am relatively new to Web Logic and think I have made an error within the Web Logic Console with the default host parameter. As a result, I can no longer start up my WLS.
Is there a way I can edit this parameter outside of the Web Logic Console?
The error from the logs is below:
####<01-May-2012 12:22:30 o'clock BST> <Critical> <WebLogicServer> <AOKEEFF-GB> <AdminServer> <main> <<WLS Kernel>> <> <> <1335871350199> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
java.net.UnknownHostException: http://127.0.0.1
     at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
     at java.net.InetAddress$1.lookupAllHostAddr(InetAddress.java:850)
     at java.net.InetAddress.getAddressFromNameService(InetAddress.java:1201)
     at java.net.InetAddress.getAllByName0(InetAddress.java:1154)
     at java.net.InetAddress.getAllByName(InetAddress.java:1084)
     at java.net.InetAddress.getAllByName(InetAddress.java:1020)
     at java.net.InetAddress.getByName(InetAddress.java:970)
     at weblogic.rjvm.JVMID.setLocalID(JVMID.java:238)
     at weblogic.rjvm.RJVMService.setJVMID(RJVMService.java:48)
     at weblogic.rjvm.RJVMService.start(RJVMService.java:30)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Thanks

Along the lines that Fabian suggested, this is what you can do now.
Create a new domain and compare the config.xml of that new domain with the existing one you have issues with. This should give you the an indication of the changes that need to be reverted from the existing config.xml.
And as already suggested, always take a back of the config.xml before you make any changes. :)
Thanks,
Patrick

Compiler error with default arguments and static template function

Hi
The following does not compile with visual studio 2010 sp1, and compiles with gcc.
#include <string>
class A
public:
template<class T>
static T& Get(const std::wstring&);
class B
public:
void f(
double d,
double c =A::Get<double>(L"test"));
int main()
B b;
b.f(5);
It gives me the following error
error C2783: 'T & A::Get(const wchar_t *)' : could not deduce template argument for 'T'
If I change Get to be global function and not static function of A, it compiles.

It seems to be a compiler bug. It fails in VS2012, but compiles in VS2013.
For completion sake, the problem exists if A is a namespace containing Get. But not if Get is global.
The only solutions I can see are try to workaround the problem (make Get global) or upgrade to a newer version of VS.

Errors with the parallel port

I am trying to communicate with a robotic arm which is attached to the parallel port.

and... ?
See:
http://exchange.ni.com/servlet/ProcessRequest?RHIVEID=101&RPAGEID=205&HUSERSHADE=0&HOID=5065000000110000006D070000&UCATEGORY_0=_49_%24_6_&UCATEGORY_S=0
2006 Ultimate LabVIEW G-eek.

Sievefilter over SSL (port 443)

Does anybody know how i can get sievefilter to work if i use SSL? I have installed the sievefilter function and it works fine over http but the server will not display the sievefilters when i'm using https. Why?

Sieve filters settings work through iDA, not webmail. You have to turn ssl on for that web server, too.

Satellite A300-1BZ with Vista - Com Port has disappeared

Hi everyone.
My first time and I'm a bit of a duffer with technical stuff, so please be gentle with me!
A300-1BZ with Vista.
A while ago I installed 'CarSoft V.83' (Engine diagnosis) from CD onto my laptop. It asked me to verify the com-port.
I looked in the device manager and in the list I saw 'com-port 4'. Ok, we'll go with that then. Everything worked fine and I was happily talking away to my car.
Yesterday I went to use it for the second time and it said there was an error with the com-port and to 'verify' the com-port.
So, I got the device manager back up and there is no mention of any com-ports in the list! It was there the last time I looked and now it's vanished!
I was at a loss what to do so, I uninstalled the CarSoft and then re-intsalled it again. Got the same error message.
Went to device manager. Still no com-port 4 in the list, or anything that relates to a com-port.
I don't know how or if I can get it back.
Please help!

Hi mate
First of all there are no com ports. The com port which you could see in device manager was an virtual port created by car software.
What to say
I recommend removing the car software from the system firstly.
Then download the CCleaner and clean the system and registry entries.
Reboot the notebook and run the CCleaner again
After that install the car software again
Maybe it helps

Error with SSL Message

Hello Guys,
I am implementing solution where in I need to post http request to a secure server. I am using following mechanisam to talk to the ssl server. But when I run the program on my local machine I get following error. Can you guys please help me out since I have limited knowledge of security API and I need to get this done in very short time. Please help me understand necessary steps required to resolve this issue.
Thanks
Code
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
tunnelHost = "<my proxy server >";
tunnelPort = "<proxy server port>";
tunnel = new Socket(tunnelHost, tunnelPort);
doTunnelHandshake(tunnel, host, port ,username , password);
socket =(SSLSocket)factory.createSocket(tunnel, host, port, true);
socket.addHandshakeCompletedListener(
new HandshakeCompletedListener()
     public void handshakeCompleted(
     HandshakeCompletedEvent event)
          {"\t CipherSuite:" + event.getCipherSuite());
          System.out.println(
          "\t SessionId " + event.getSession());
          System.out.println(
          "\t PeerHost "+
          event.getSession().getPeerHost());
socket.startHandshake();
socket.close();
tunnel.close();
} catch (Exception e) {
     e.printStackTrace();
private void doTunnelHandshake(Socket tunnel, String host, int port , String username , String password)
throws IOException
OutputStream out = tunnel.getOutputStream();
String AuthString = new String("NORTHAMERICA\\"+username+ ":" + password );
byte [] AuthBytes = AuthString.getBytes();
char []AuthChar = Base64encode(AuthBytes);
String test = String.valueOf(AuthChar);
String ProxyAuthorization = new String("Proxy-Authorization: Basic " + test);
String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
+ "User-Agent: Java SSL Sample\n"
+ "Host: FSM Gateway\n"
+ "Proxy-Connection: Keep-Alive\n"
+ "Pragma: No-Cache\n"
+ ProxyAuthorization
+ "\r\n\r\n";
byte b[];
try {
b = msg.getBytes("ASCII7");
} catch (UnsupportedEncodingException ignored) {
* If ASCII7 isn't there, something serious is wrong, but
* Paranoia Is Good �
b = msg.getBytes();
out.write(b);
out.flush();
byte reply[] = new byte[200];
int replyLen = 0;
int newlinesSeen = 0;
boolean headerDone = false; /* Done on first newline */
InputStream in = tunnel.getInputStream();
boolean error = false;
while (newlinesSeen < 2) {
int i = in.read();
if (i < 0) {
throw new IOException("Unexpected EOF from proxy");
if (i == '\n') {
headerDone = true;
++newlinesSeen;
} else if (i != '\r') {
newlinesSeen = 0;
if (!headerDone && replyLen < reply.length) {
reply[replyLen++] = (byte) i;
* Converting the byte array to a string is slightly wasteful
* in the case where the connection was successful, but it's
* insignificant compared to the network overhead.
String replyStr;
try {
replyStr = new String(reply, 0, replyLen, "ASCII7");
} catch (UnsupportedEncodingException ignored) {
replyStr = new String(reply, 0, replyLen);
/* We asked for HTTP/1.0, so we should get that back */
if (!replyStr.startsWith("HTTP/1.0 200")) {
throw new IOException("Unable to tunnel through "
+ tunnelHost + ":" + tunnelPort
+ ". Proxy returns \"" + replyStr + "\"");
System.out.println("tunneling Handshake was successful!");
Exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at SSLSocketClient.doIt(SSLSocketClient.java:166)
at SSLSocketClient.main(SSLSocketClient.java:54)
Debug information is
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\j2re1.4.2_06\lib\security\cacerts
trustStore type is : jks
init truststore
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 09:01:00 CDT 2000 until Sat May 17 18:59:00 CDT 2025
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 11:09:40 CDT 1999 until Sat May 25 11:39:40 CDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 13:46:00 CDT 2000 until Mon May 12 18:59:00 CDT 2025
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Net
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Net
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
tunneling Handshake was successful!
Socket is 15e83f9[SSL_NULL_WITH_NULL_NULL: Socket[addr=/10.0.1.38,port=80,localport=2133]]
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1115833203 bytes = { 119, 0, 234, 70, 240, 74, 55, 9, 64, 89, 133, 251, 64, 160, 105, 25, 113, 219, 252, 65, 240, 228, 184, 117, 235,
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at SSLSocketClient.doIt(SSLSocketClient.java:166)
at SSLSocketClient.main(SSLSocketClient.java:54)

No it is not correct.
The socket creation should be provided with the proper host and the port. the resource on the host is something you should ask your server (HTTP GET ... whatever).
The https://abc.com:443 is equal to https://abc.com as the default port for https is 443. the host variable should be "abc.com" and the port "443" and the rest negotiated in application level (HTTP GET /XYZ [is not the proper syntax]).
Further, with this description, the first url (https://server/resource:port) is not making any sense.
You problem in first place is probably the host and port parameters (specifically the port has been set to 80 which most likely is wrong) . you need to consider the other port regarding newline and CRs buildging the proxy authentication header, but you debug logs suggest that your test proxy server takes it.

Non SSL website on port 443

Hi, I have a non-SSL website running on port 443. When I access this website using Chrome or IE it works just fine, but Firefox can't seem to accept what I have done. All browsers on the same machine and using the same web proxy.
I access the website as http://xyz:443.
Just a bit of background info as to why I need this. Where I work I can only access ports 443 and 80 via the web proxy. I have two distinct websites running on a couple of devices at home behind a very config-wise limited router which has ports 80 and 443 redirected to these hosts. There is no way for me to setup two port forward rules on port 80 to two different devices. I cannot setup SSL on either of the websites.
Regardless of options that could exist to overcome my particular issue, I would like to check if you guys know how to make Firefox work with a website running on port 443 whilst not having a certificate assigned to it.
Firefox 32.0.3
Error message:
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

What type of ssl are you running? [https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/]
You can somehow remove the Strict-Transport-Security header or if there is a feature that forced encryption but by default https uses 443 for encryption. I do not know if this is possible.

Kernel SSL (KSSL) Proxy isn't listening on port 443

Hello
I'm having some trouble with Solaris 10 KSSL. The SMF says it's configured and online but netstat shows nothing listening on 443. The configuration I'm using is below so you can try it if you like.
Thanks for any insight.
J
--- config commands start here ---
- Generate certificate and key (In this case self-signed for testing)
/usr/sfw/bin/openssl req -x509 -nodes -days 365 -subj "/C=NZ/ST=Canterbury/L=MtHutt/CN=`hostname`" -newkey rsa:1024 -keyout /var/tmp/mykey.pem -out /var/tmp/mycert.pem
- Configure KSSL Proxy instance
echo "password" > /var/tmp/kssl.pass
cat /var/tmp/mycert.pem /var/tmp/mykey.pem > /var/tmp/mystuff.pem
rm /var/tmp/mykey.pem /var/tmp/mycert.pem
(NOTE: The following command must be run from Global Zone.)
ksslcfg create -f pem -i /var/tmp/mystuff.pem -p /var/tmp/kssl.pass -x 8080 443
- Configure web server
(This example uses the Solaris supplied Apache in /usr/apache2)
hostname=`hostname`
ipaddr=`grep $hostname /etc/hosts | awk '{ print $1 }'`
cat /etc/apache2/httpd.conf-example | sed "s/^Listen 80/Listen $ipaddr:8080/" > /etc/apache2/httpd.conf
svcadm enable apache2
Edited by: ajcook on 9/01/2009 00:25

The answer, as it often is, was user error. I had neglected to restart the Apache server to listen on the KSSL proxy port (port 8080 in the example given).
Mildly interesting exercise because it means that the KSSL doesn't start listening on it's SSL port until it verifies that the proxy port is available.
As soon as Apache was restarted, KSSL burst into life, ie.
/usr/sfw/bin/openssl s_client -connect localhost:443
CONNECTED(00000004)

SSL - Default SSL context init failed: null - need help with code

Hi!
Once Again I have problems with SSL.
I read something about SSL here:
http://www.javaalmanac.com/egs/javax.net.ssl/Server.html
Now I tried to test this stuff, that resulted in this program (I simply tried to put the SSL stuff from the above code in a small skeleton):
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.ssl.*;
import javax.net.*;
public class MyServer
     public static void main(String arguments[])
     try
          int port = 443;
          ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
          ServerSocket ssocket = ssocketFactory.createServerSocket(port);
          // Listen for connections
          Socket socket = ssocket.accept();
          System.out.println("Connected successfully");
          // Create streams to securely send and receive data to the client
          InputStream in = socket.getInputStream();
          OutputStream out = socket.getOutputStream();
          // Read from in and write to out...
          // Close the socket
          in.close();
          out.close();
     catch(IOException e)
          System.out.println("GetMessage() = "+e.getMessage());
          e.printStackTrace();
}     Now I compiled this stuff with : 'javac MyServer.java' - there were no errors. After this I run the program
with the following command (also taken from java almanac):
'java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 MyServer'
But if I run it, it reports:
"GetMessage() = Default SSL context init failed: null
java.net.SocketException: Default SSL context init failed: null
at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(Dasho
6275)
at MyServer.main(MyServer.java:15)"
createServerSocket() seems to be the wrong line, but what is wrong with it.
Is there any mistake in my code ?
Btw. I created my keystore etc. according to the instructions at
http://forum.java.sun.com/thread.jsp?forum=2&thread=528092&tstart=0&trange=15
Any help appreciated
Greets
dancing_coder

I got this error last week.
The problem was that the keystore I was pointing to, was in other location, so it could not initialize the default context.
I had defined ...
String CLIENT_CERTIFPATH = getParam("client.certificate.path", "/users/pridas/myKeystoreFile");
// getParam extracts the location of the keystore from a text file which contains some configuration parameters. The default value will be /users/pridas/myKeystoreFile
In my case, I will try to develop a secure SOAP conexion using certificates.
Before to try the conexion, I defined ...
System.setProperty("javax.net.ssl.trustStore", CLIENT_CERTIFPATH);
System.setProperty("javax.net.ssl.keyStore", CLIENT_CERTIFPATH);
... and the problem when I got this error ... the keystore file was not in the correct location.
That was how I resolved this error.
I hope everybody will be oriented about this kind of errors.
Salu2.

SSL on port 443

BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
advised to change to port 444 because it conflicts with Apache on the
server. Do my users need to type :444 when they authenticate or is this
change will be transparent to them? Also, one of our NetAdmins indicates
we are not running Apache...
Please provide me with more info. on this issue.
Thank you in advance for your help

Is wrote:
> BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
> advised to change to port 444 because it conflicts with Apache on the
> server. Do my users need to type :444 when they authenticate or is this
> change will be transparent to them?
I assume you're referring to proxy authentication, where the user enters
credentials in the browser to gain access to the proxy. In this case the
BM server automatically redirects users to the port 444 URL... they
don't type it in. Thus, the port the proxy listens on for SSL
*authentication* requests doesn't matter much, as long as it doesn't
conflict with other services running on the server.
Jim
Support Sysop

Petstore 1.3 with Oracle 8.1.7 on Solaris 9 - deployment error

Hello,
I'm trying to get Petstore 1.3 shipped with WebLogic Server 7.0 to work with Oracle
8.1.7 on Solaris 9 with a third-party (Oracle) jdbc driver (classes12). I did
the following:
1) created a new connection pool with the correct Oracle database URL and driver
class name (oracle.jdbc.driver.OracleDriver), also user/password properties for
the Oracle db, and the WL server selected in targets;
2) created a database schema for Oracle based on the data in Pointbase and the
weblogic-cmp-rdbms-jar file as well as petstore_catalog_utf8.sql;
3) created a new tx datasource pointing to the Oracle conn pool;
4) modified the catalog component's ejb-jar.xml file's env-entry to contain CatalogOracleDAOImpl;
5) put weblogic.jar in the classpath;
6) used Java's dbping utility to check connection to the database via the Oracle
driver (works fine--no network adapter error or anything related).
I then rebuilt the ear files (build is successful), but when deploying get the
following error:
"Cannot deploy EJB AccountEJB from customerEjb.jar. Cannot find datasource for
JNDI datasource-petstorePool" and says to make sure the JNDI name and deployment
descriptors are correct (I checked the customer component's deployment descriptors
against the tx datasources' JNDI and they match).
What step(s) am I missing? Any suggestions on what else I need to modify would
be very much appreciated.
Thanks,
Beverly Claire

Beverly:
If you have 8.1, then you should be able to simply and easily create a
connection pool to petstore via the console.
The current error you encountering: "petstorePool does not exist" is
because either:
petstorePool is not defined or there was a failure when the pool was first
created trying to connect to the DBMS.
The full errror should be in the log file prior to the TXDatasource error.
Cheers
mbg
"Beverly Claire" <[email protected]> wrote in message
news:[email protected]...
>
Hello Rob,
Thanks for your reply. Yes, the tx datasource's JNDI name isdatasource-petstorePool.
The server log says that "petstorePool does not exist".
My conn pool contents:
Name: petstorePool
URL: jdbc:oracle:thin:@<replaced with db address>:<replaced with dbport>:<replaced
with db SID>
Driver Class Name: oracle.jdbc.driver.OracleDriver
Properties: user=<replaced with username*>
password=<replaced with password*>
*same username and password used to set up the Petstore tables in Oracledb.
>
My tx datasource contents:
Name: PetstoreDataSource
JNDI: datasource-petstorePool
Pool Name: petstorePool
No, actually we're not evaluating in the sense of just-trying-things-out.One
of our clients is considering an application server. They're relying on usfor
help in choosing which would be best. As of now, we are comparing BEA WLServer
7 and 8.1, Sun ONE Application Server 7 EE, Oracle 9i Application Server,and
Fujitsu Interstage v5 Application Server. For cluster testing andperformance
comparison purposes, we'd like to use the same J2EE Application across allservers,
and the obvious choice is Petstore 1.3. One aim is to smoothly connect toan Oracle
database. The other app servers provide setup scripts and databaseschemas for
Petstore-with-Oracle, so db conn and deployment are not a problem at all.As for
WL, we've been trying to get Petstore (both the version downloaded fromSun's
Java Blueprints and the version that shipped with WL 7) to work withOracle, but
no luck so far. It's getting a bit frustrating, given the ease with whichthings
worked out with the other app servers.
Yes, I've tried out Avitek MedRec for WL 8.1, and this time BEA has kindlymade
provisions for Oracle db, so connection to Oracle is not a problem. I'mhoping
BEA will come around to doing the same thing for Petstore, although I'mguessing
that won't be in the near future.
Any other suggestions would be much appreciated.
Thanks,
Bevery Claire

Error with default SSL port (443) on Solaris

Similar Messages

Maybe you are looking for