Fine details of SSL Acceleration

Hello all,
I'm looking for someone to explain (or send a link) of the minute
details of how a SSL Acceleration appliance works.
Specifically I'm very curious about when the SSL handshake between the
user and the appliance is done, how does the SSL accelerator pull
secure pages that AREN'T encrypted from the web-server.
Also very interested in how the accelerator passes on IP information
of the client to the web server for logging purposes.
Thanks in advance!
Kipp B.

Look at http://www.internetweek.com/reviews00/rev111300.htm for a just-out
review of what accelerators are out there. Some of them are separate
appliances that decrypt the SSL traffic and forward it as clear text to the
Weblogic. It may or may not be what you look for, though, but the review
itself is worth reading.
"Cedric Rochet" <[email protected]> wrote in message
news:[email protected]..
Hi all,
Does weblogic support hardware card to accelerate SSL encryption without using
a web server such as IIS or NES?
Thanks for help,
Cedric

Similar Messages

  • How do I use an SSL Accelerator with iWS 6?

    I have an application that uses iWS 6 sp2 and iAS 6 sp4. The web server exposes a https port. I can get this port to work fine with a certificate requested against the internal module. When I use the module supplied by the SSL accelerator (Sun Crypto Accelerator 1) I can install and view a certificate, but I cannot start the web server. I get the following error in my logs:
    [18/Mar/2002:15:57:17] failure ( 2820): Invalid configuration: File /usr/local/iplanet/servers/https-www.exsel.org.uk/config/server.xml, line 22, column 390: SEC_ERROR_BAD_DER - Certificate is improperly DER encoded : unable to find certificate Server-Cert
    I can see a certificate by this name in the certificate database for the additional module. I can view it and it looks good (I'm generating my own certificates at the moment - so I know that the internal and external certificates were generated in the same way).
    Has anyone any experience of using this combination of things?

    I think you are getting your certificates crossed up somehow. "Server-Cert" is normally the name of the internal certificate. See what the name of the one installed on your accelerator is and change the name in server.xml to match that. Be sure to back up all your files first!

  • EP6.0 SP15 SSL Accelerator card setup

    Hi
    SAP support the use of SSL Accelerator cards as per OSS Note 686293.  However, I can find no details on the configuration of how to set them up for the use with the SAP web server used in the SAP Portal.  The products appear to provide support out of the box for mainstream web servers (MS IIS, Apache etc) but don't indicate how they need to be configured to be used with SAP.
    Can anyone assist?  They're Cavium SSL Accelerator cards.
    Regards
    David

    Just got the bad news from SAP Support.
    Although the note indicates that EP6.0 supports the use of hw SSL accelerator cards - the note itself is "misleading".  The SSL Provider is part of the SAP sw shipment and there is no SAP ICC partner interface to certify the integration of SSL accelerators.  The only SAP solution for EP6.0 at this time is to use them in a SSL Reverse Proxy in front of the portal solution to offload the overhead of SSL before it hits the portal.  The reason I'm not using Webdispatcher is that I'm also trying to fulfill a requirement for standalone ITS on these same servers. Needless to say there are no dates set for when SSL Accelerator cards can be used with Netweaver stack DIRECTLY!!.
    SAP support message below for completeness (from SAP AG Development Manager so can be taken as gospel) - hope it saves someone else time if thinking of going down this route.   Please post reward points if you have found this information useful!
    SAP Note 686293 is misleading. All releases of EP 6.0 do not support
    SSL hardware accelerators.
    The SSL provider is part of the SAP shipment and there is no SAP ICC
    partner interface to certify the integration of SSL accelerators.
    If you really require SSL hardware accelerators you should use a
    standalone solution (SSL reverse proxy) to terminate the SSL connection
    in front of the EP system.
    Regards
    David Irwin

  • SSL Accelerator hardware for WebLogic

    Hi All,
    Does any one know if WebLogic supports Sun SSL Crypto hardware, ie: SSL Accelerator
    hardware, Sun Part # X113A ?
    Thank You

    Hi Michael,
    Thank you very much for your help. I will keep checking the
    released version for SSL/Hardware support.
    Regards,
    Tuan
    Michael Young <[email protected]> wrote:
    Hi Tuan.
    The next major release of WLS due out this spring will have support for
    hardware SSL accelerators. I don't have any detail beyond what I just
    stated. Keep an eye out for the beta program for the WLS beta release.
    This is not the WLS 7.0 preview currently on
    http://commerce.bea.com/downloads/weblogic_server.jsp. The beta program
    should be out sometime in the next few weeks.
    Regards,
    Michael
    Tuan Phan wrote:
    Hello Michael,
    Thank you very much for your help. Does BEA have plan
    to support any hardware based SSL in the future, how soon ?
    Thank You
    Tuan Phan
    Michael Young <[email protected]> wrote:
    Hi.
    WLS does not currently work with hardware SSL accelerators.
    Regards,
    Michael
    Tuan Phan wrote:
    Hi All,
    Does any one know if WebLogic supports Sun SSL Crypto hardware, ie: SSL Accelerator
    hardware, Sun Part # X113A ?
    Thank You
    --
    Michael Young
    Developer Relations Engineer
    BEA Support

  • SSL Accelerated Service and device groups

    I have a need to set up SSL accelerated services on a data center WAE and one edge WAE. In reading through the Cisco Wide Area Application Services SSL Application Optimiser Deployment Guide (2010), it states that best practice is to create an SSL device group and configure the SSL service and generate the keys through that group.
    Simple question:  Should only the data center WAE be placed in that group, or should also the edge WAE be in the group?  The devices are running 4.3.3.

    Only the data center wae's need to be placed in the SSL device group.
    Regards
    -Smita

  • Urgent!! SRA gateway and SSL accelerator??

    I access url in portal desktop, but it can not work.
    My gateway is working behind ssl accelerator, and gateway url is http://gateway.com, port is 880, external virtual host url is https://home.com. The profile platform.conf.default is like this,
    gateway.customurl=true
    gateway.httpurl=https://home.com:443
    gateway.virtualhost=gateway.com home.com
    but in desktop url http://www.sun.com is written to https://home.com/http://sun.com, but it cannot be accessed.
    If I browse it like https://home.com/http://sun.com/, it works well.
    Please help me config it.
    Many Thanks
    Peter

    Thank you Jerry.
    We use the Radware's accelerator board that is one factory in China.
    The following is the gateway profile list:
    gateway.cdm.cacheSleepTime=60000
    gateway.protocol=http
    gateway.jdk.dir=/usr/jdk/entsys-j2se
    gateway.userProfile.cacheCleanupTime=300000
    gateway.userProfile.cacheSize=1024
    gateway.external.ip=192.18.22.45
    gateway.logdelimiter=&&
    gateway.httpurl=https://home.com:443
    gateway.data.dir=/var/opt/SUNWps
    portal.server.instance=default
    gateway.port=880
    gateway.debug=on
    gateway.bindipaddress=192.18.20.33
    gateway.certdir=/etc/opt/SUNWps/cert/default
    gateway.host=gateway.com
    gateway.logging.password=RcyB48rxF7cxHv8As45shg\=\= Z0Wk2ebVID0XtY+eg30gsg\=\=
    gateway.sockretries=3
    gateway.enable.customurl=true
    gateway.userProfile.cacheSleepTime=60000
    gateway.enable.accelerator=true
    gateway.cdm.cacheCleanupTime=300000
    gateway.favicon=
    gateway.notification.url=notification
    gateway.httpsurl=
    portal.server.port=80
    gateway.virtualhost=portal.com 192.18.20.33 home.com
    gateway.allow.client.caching=true
    gateway.retries=6
    gateway.dsame.agent=http\://portal.com\:80/portal/RemoteConfigServlet
    portal.server.host=portal.com
    gateway.user=noaccess
    gateway.trust_all_server_certs=true
    gateway.debug.dir=/var/opt/SUNWps/debug
    portal.server.protocol=http
    gateway.ignoreServerList=true
    At first, the user has full access.
    We can login the portal server using https://home.com, and the urls also are written correctly, but when click the link like https://home.com/http://www.sun.com, there is not '/' at the end of this url, it can not work formally. But if I append '/' to the end of this url, and browse it in url address, it works well.
    Could you give me some advice?
    Many Thanks
    Peter

  • Hardware SSL Accelerator + JSSE

    Hi all,
    How can I use hardware SSL/TLS accelerator with java platform. The server part of application needs hardware SSL/TLS acceleration. I was looking for information how "access" hardware accelerator from java application. The result was that I need custom JCE Provider which can work with this piece of hardware. Ok this point is clear. So I start looking for hardware accelerators which provide JCE Provider. But I failed. The questions are:
    Did I understand correctly the mechanism how use such piece of hardware?
    Which hardware SSL accelerators provide JCE Provider?
    Is somewhere universal JCE Provider which uses "external" SSL implementation e.g. OpenSSL (I was thinking about "bridge" between my application and hardware accelerator using external implementation)?
    Every advice welcome. thank you and have a nice day.

    Look into the mozilla.org's package jss. It is a C API with java interconnects (JNI) which will allow you to interface with hardware accelerators using PKCS#11...
    You will need to have a compiler!

    ok .. it looks good. but how exactly it works? How I exactly redirect SSL request from CPU to hardware SSL accelerator.
    I rather want to use standard JSSE from Java2 platform.
    thanks for advice.

  • SSL Acceleration between iPlanet and WLS

    I was wondering if anybody has successfully deployed a SSL accelerator card for SSL acceleration between iPlanet and WLS?

    This is a feature in the latest release, WebLogic Server 6.1.0
    <http://e-docs.bea.com/wls/docs61/////adminguide/nsapi.html#101168>. It is
    not available for WebLogic Server 5.1.0.
    Regards,
    -- Ian
    "Abhinandan" <[email protected]> wrote in message
    news:3ba5dfa9$[email protected]..
    > Can i get SSL communication between iPlanet and Weblogic 5.1? if yes then how??

  • Can I pilot SSL acceleration single subnet and exclude SSL acceleration on rest of network.

    I have a large WAAS deployment and would like to test SSL acceleration on a single regional IP subnet pointing to the main Data Centre all in the same device group. The SSL feature seems to be either on/off per host/IP Address. I would like to do the rollout of SSL acceleration in a phased manner if possible.

    Hi,
    Cisco WAAS has an option to create self-signed certificates and private keys/ Generate certificate signing request (Our own CA) or this can be imported from existing certificate and key if we have them.
    When a connection is requested, the WAN optimization device in the data center splits the original SSL connection from the client to the SSL server into two SSL connections. To the client the connection appears as the SSL server, and to the SSL server it appears as the SSL client. To act as the SSL server, the data center WAN optimization device needs an authentication certificate for each SSL service it is optimizing. When the WAN optimization device intercepts a connection request from a client, it uses the SSL server IP address/domain name to associate the certificate with the client.
    You can refer to the link below for configuring the SSL and moreover you can view the white paper for example
    http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/configuration/guide/policy.html#wp1191888

  • What SSL accelerator and load-balancer does anyone recommend?

    Hi:
    I wanted to find out:
    Does anyone recommend SSL accelerator cards/boards or SSL accelerator appliances?
    What SSL accelerator and load balancer does anyone recommend to help 9iAS?


  • SSL Accelerated Services

    Hi All,
    I'm about to create the first SSL accelerated services for my customer and need to confirm a design point in advance of my deployment window.
    I have one *.xyz.com wildcard domain and server port and 2 certificates.  One of the certs is for an interim environment and the other for the main environment which is not yet live.  Can I associate both certificates to the same wildcard domain & port?  I'd ideally like to do this to allow for a seamless transition between the two environments or do I need to delete the interim cert and install the main one on the transition date?
    Thanks
    Claire

    I don't think you can associate both certificates to the same wild card domain & port. You can use one at a time.

  • WAAS statistics for SSL accelerated services

    Hi all,
    the customer has configured two SSL accelerated services on the core WAVEs. He would like to monitor both these services separately. He uses SSL accelerated report, but there is summary statistics from both services. Is possible to create an application per SSL service for the collection statistics? For example: when I will have two SSL accelerated services ssl1 and ssl2, is possible to monitor statistics for ssl1 and monitor statistics for ssl2?
    Thank you
    Roman


  • Pricing and licensing details for Migration accelerator

    Could anyone please tell where can I find the pricing and licensing details for Microsoft Accelerator

    Hi,
    As per the document here, While in limited preview, Migration Accelerator is free and available only in North America. You pay only for any Azure services consumed.
    As the service is in preview, we have very limited information about it.
    Regards,
    Shirisha Paderu
