Flash SSL connection failure IE

I am working on a very innovative e-commerce site with an all
Flash interface. We have uncovered an unusual situation where Flash
works in Firefox but not IE when calling webservices over https. It
only occurs when the certificate doesn't match the site name. It
appears that after a period of time the IE browser is unable to
open an ssl connection to the target site. This happens even though
the user has accepted the mismatch. Works fine in FireFox.
Anyone else seen this?

RE: the talkingtree.com article, I think you're confusing
client certificates and server certificates. The talking tree
article is discussing an SSLv3 issue with client certs. Server
certs are a separate animal altogether.
There should be no issue with updating (renewing?) the SSL
certificate on "webA". Just make sure that the SSL cert being used
by "webA" now, has a "common name" that matches the domain name
you're using to address it with.
(I'm guessing you're simply using "webA" as the domain name,
since it's all internal correct?)
One other thing to consider, what is the "Issuer" on the
new SSL cert? If the new cert was not issued by a globally trusted
third party (like VeriSign/PayPal, or Thawte), then you may need to
register the cert in JRun's "cacerts" file. You can read more about
that here:
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_19139&sliceId=1#enableCF
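
The two checks this reply describes (the common name matches the name used to reach the server, and the issuer is in the client's trust store) can be reproduced offline with `openssl`. This is an added example, not part of the original reply: the CA, keys and the longer host name are constructed throwaway data, `webA` is the reply's placeholder name, and the `keytool` line in the comments uses a placeholder alias and path.

```shell
#!/bin/sh
# Added example. All certificates here are constructed for the demo.

# make_demo_pki DIR
# Builds a private CA (an issuer no client trusts by default) and a server
# certificate whose common name is "webA".
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Internal CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=webA" \
        -keyout "$dir/webA.key" -out "$dir/webA.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/webA.csr" -days 2 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/webA.pem" 2>/dev/null || return 1
}

# check_server_cert CERT HOSTNAME [CA_BUNDLE]
# Returns 0 only when the chain verifies AND the certificate names HOSTNAME.
# Without CA_BUNDLE only the system default trust store is consulted.
check_server_cert() {
    cert=$1
    host=$2
    ca=${3:-}
    if [ -n "$ca" ]; then
        openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" \
            >/dev/null 2>&1
    else
        openssl verify -verify_hostname "$host" "$cert" >/dev/null 2>&1
    fi
}

# report LABEL CERT HOSTNAME [CA_BUNDLE]: print the verdict for one case.
report() {
    label=$1
    shift
    if check_server_cert "$@"; then
        echo "$label: accepted"
    else
        echo "$label: rejected"
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }

    # Who the certificate says it is, and who vouches for it.
    openssl x509 -in "$tmp/webA.pem" -noout -subject -issuer

    # Name matches and the issuer is trusted.
    report "webA, CA trusted" "$tmp/webA.pem" webA "$tmp/ca.pem"
    # Same certificate reached under a different name: the mismatch case.
    report "webA.example.internal, CA trusted" \
        "$tmp/webA.pem" webA.example.internal "$tmp/ca.pem"
    # Name matches but the private CA is not in the trust store.
    report "webA, CA not trusted" "$tmp/webA.pem" webA

    # A Java client (JRun) keeps its own trust store, so the CA certificate
    # has to be imported there as well. Placeholder alias and path:
    #   keytool -import -trustcacerts -alias demo-internal-ca \
    #       -file ca.pem -keystore <JRE-used-by-JRun>/lib/security/cacerts
    #
    # The demo certificate carries only a common name, as in the reply.
    # Clients that match on subjectAltName need the name listed there too.
    rm -rf "$tmp"
}

demo
```
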

Similar Messages

  • SSL connection failures.

    Hi,
    I'm getting some SSL connection failures on our SSL modules, we've reset the stats and noticed we are getting rsa pkcs pad errors when we do a sh ssl-proxy stats ssl. What causes these errors ?
    SSL error statistics:
    session alloc fails : 0 session limit exceed: 0
    handshake init fails: 0 renegotiation fails : 0
    no-cipher alerts : 0 ver mismatch alerts : 0
    no-compress alerts : 0 multi buf rec errors: 0
    ssl peer closes : 0 non-ssl peer closes : 0
    unexpected record : 0 rec formatting error: 0
    rsa pkcs pad errors : 2 premaster errors : 0
    failed rsa reqs : 0 failed random reqs : 0
    failed key-material : 0 failed master-secret: 0
    failed update hash : 0 failed finish hash : 0
    failed encrypts : 0 failed decrypts : 0
    bad record version : 0 bad record size : 0
    cert verify errors : 0 unsupported certs : 0
    conn aborted : 0
    overload drops : 0 hs limit exceeded : 0
    hs handle mem fails : 0 conn reuse error : 0
    dev invalid params : 0 dev failed requests : 0
    dev timeout : 0 dev busy : 0
    dev cancelled : 0 no dev fails : 0
    dev resource fails : 0 dev unknown errors : 0
    dev conn ctx fails : 0 dev cmd ctx fails : 0
    mem alloc fails : 0 buf alloc fails : 0
    invalid cipher algo : 0 invalid hash algo : 0
    unaligned buf addr : 0 unaligned buf len : 0
    internal error : 0 unknown ipcs : 0
    double free attempts: 0 alert-send fails : 0

    installed openssl-0.9.8k-3 and the world resumed orbiting the sun

  • QuickVPN SSL connection issue to RV042 only through specific ISP

    Hi,
    I've noticed a frequent problem using QuickVPN to connect through a RV042.  With a specific ISP (Rogers cable internet in Canada) occasionally from a particular location QuickVPN will stop being able to connect into my work VPN (through a RV042), although it had been connecting fine before (and can often connect through the same ISP at a different location).  Although the RV042 is contactable and a TCP connection is formed, the SSL connection fails and the problem persists indefinitely.  If I connect the same computer (a Windows Vista laptop) to a different ISP I am able to connect fine.  Rebooting the cable modem/router does not solve the problem.  I once saw a similar problem occurring with a different ISP (Bell DSP internet in Canada), but in that case rebooting the DSL modem/router solved the problem.
    I suspect the edge-router in the ISP encounters some problem pertaining to SSL connection routing.
    Has anyone experienced this issue or knows a resolution?
    thanks,
    Mark

    Hi Tom,
    Thanks for the response.  The subnets involved (the local LAN subnet and the subnet of the RV042) are different.  The QuickVPN log says SSL connection failure.  When I do a network capture of the failed QuickVPN connection I see that a TCP connection is opened between my laptop and the RV042 and the QuickVPN application sends SSL client hello packets to the RV042 but does not receive the necessary SSL ack-response packets in return (the client hello is repeated a few times without response and then the connection is reported as failed).
    Mark

  • SSL Connection Configuration between Apache and Weblogic 8,1

    I'm currently using Apache web server as a front end server for Weblogic server 8.1 and now I'm facing a configuration problem setting up the SSL connection between these 2 servers. When I open my web application page, it shows
    Failure of Server Apache bridge
    No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
    and my proxy.log shows:
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
    Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
    Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
    Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
    Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
    Thu Nov 03 09:36:41 2011 <182413202842013> attempt #0 out of a max of 5
    Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
    Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
    Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
    Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
    Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
    Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
    Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
    Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
    Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
    Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
    Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
    Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
    Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
    Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
    Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 790 of ../nsapi/URL.cpp]: at line 3078
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Can anyone tell me what I should do in order to correct this error? Your help is kindly appreciated!!! Please~

    1) Is the managed server up?
    2) from apache server are you able to bind the managed server port?
    3) can you pls send the weblogic ssl configuration?

  • FTP/SSL Connection Problem for FTP Receiver Adapter

    Hello All,
    We are trying to establish an FTPS/SSL connection with one of our customers from our XI (Unix) system, and are receiving the following error:
    iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
    Communication Channel Parameters:
    Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
    Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
    Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
    Data Connection: Passive
    Port: 10021
    Keystore: service_ssl
    X.509 Certificate & Private Key: ssl-credentials
    Note: Initial handshaking occurs but connection is being dropped by the third party FTP Server when SSL certificate credentials are being validated. We also tried connecting to the third party FTPS server using standard FTPS client(FileZilla software), this connection gets established successfully with no certificate issues which means certificate and third party FTP Server is functioning correctly.
    We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
    Your help and suggestions will be greatly appreciated.
    Thanks and Best Regards
    Prashant Rajani

    Hello All,
    Further in order to test connection set up and communication channel configuration we tried simulating the FTP connection locally by configuring FTP Server using FileZilla at a local machine and accessed it from Client's XI Server.
    This set up simulates the problem we encounter with our customer's FTP Server.
    If connection security parameter in communication channel for Sender FTP Adapter is set to "FTPs( FTP Using SSL/TLS) with Control Connection" only, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to "FTPs( FTP Using SSL/TLS) with Control and Data Connection", we receive error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and file gets created at the FTP Server but its empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
    This is what the FTP (FileZilla) sees when the XI system attempts to set-up a fully encrypted data  (FTPS) connection i.e., connection security parameter value as "FTPs( FTP Using SSL/TLS) with Control and Data Connection" :-
    - (not logged in) (10.18.106.34)> Connected, sending welcome message...
    - (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
    - (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
    - (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
    - (not logged in) (10.18.106.34)> AUTH TLS
    - (not logged in) (10.18.106.34)> 234 Using authentication type TLS
    - (not logged in) (10.18.106.34)> SSL connection established
    - (not logged in) (10.18.106.34)> USER test
    - (not logged in) (10.18.106.34)> 331 Password required for test
    - (not logged in) (10.18.106.34)> PASS ***********
    - test (10.18.106.34)> 230 Logged on
    - test (10.18.106.34)> PBSZ 0
    - test (10.18.106.34)> 200 PBSZ=0
    - test (10.18.106.34)> PROT P
    - test (10.18.106.34)> 200 Protection level set to P
    - test (10.18.106.34)> SYST
    - test (10.18.106.34)> 215 UNIX emulated by FileZilla
    - test (10.18.106.34)> PWD
    - test (10.18.106.34)> 257 "/" is current directory.
    - test (10.18.106.34)> CWD /payment/
    - test (10.18.106.34)> 250 CWD successful. "/payment" is current directory.
    - test (10.18.106.34)> TYPE I
    - test (10.18.106.34)> 200 Type set to I
    - test (10.18.106.34)> PASV
    - test (10.18.106.34)> 227 Entering Passive Mode (10,27,7,103,15,63)
    - test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
    - test (10.18.106.34)> 150 Connection accepted
    - test (10.18.106.34)> Data connection SSL warning: SSL3 alert read: fatal: bad certificate
    - test (10.18.106.34)> Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A
    - test (10.18.106.34)> Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
    - test (10.18.106.34)> Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
    - test (10.18.106.34)> 426 Connection closed; transfer aborted.
    - test (10.18.106.34)> QUIT
    - test (10.18.106.34)> 221 Goodbye
    - test (10.18.106.34)> SSL connection established
    Please suggest your valuable inputs if we are missing out something. Any helpful inputs in this regard is highly appreciated.
    Thanks and Best Regards
    Prashant

  • HTTP 200 response - Connection Failure - CF10 local Tomcat

    Hello,
    I am invoking a webService, FirstData to be exact.  It's SSL.  I am invoking properly, and FirstData is seeing my request as valid and successful, but the response comes back with a 200 and the filecontent is "Connection Failure".  No SOAP structure in the response.  I found that this was a bug with CF8 which I'd expect to be cleared up in CF10.  Is there a workaround?  I've attempted passing headers in various ways but it continues to fail.
    <cfhttp url="XXX" method="POST" username="XXX" password="XXX" path="XXX" file="XXX" resolveurl="false" clientCert="XXX" clientCertPassword="XXX">
        <cfhttpparam type="XML" value="#myXML#">
        <cfhttpparam type="header" name="Accept-Encoding" value="deflate;q=0" />
        <cfhttpparam type="header" name="TE" value="deflate;q=0" />
    </cfhttp>
    Response (struct):
      Charset: utf-8
      ErrorDetail: [empty string]
      Filecontent: Connection Failure
      Header: HTTP/1.1 200 OK Date: Fri, 22 Mar 2013 19:25:10 GMT Server: Apache/2.4.2 X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1 Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Content-Length: 852 Connection: close Content-Type: text/xml;charset=utf-8
      Mimetype: text/xml
      Responseheader (struct):
        Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
        Connection: close
        Content-Length: 852
        Content-Type: text/xml;charset=utf-8
        Date: Fri, 22 Mar 2013 19:25:10 GMT
        Explanation: OK
        Http_Version: HTTP/1.1
        Server: Apache/2.4.2
        Status_Code: 200
        X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
      Statuscode: 200 OK
      Text: YES

    Hi
    Might be you are processing huge data because of this you are getting this error.
    Regards
    Dheeraj Kumar

  • ERROR http: 5: Unable to initialize ssl connection with server, aborting co

    HI EXPERTS,
    one of my databases gives me the below error when I start its dbconsole, and after failure it gives me this message
    TZ set to Asia/Karachi
    Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    https://test:5500/em/console/aboutApplication
    Starting Oracle Enterprise Manager 10g Database Control ..............................................................
    ........ failed.
    Logs are generated in directory /u01/oracle/product/10.2/cnichol_cpuplt/sysman/log
    and in trace file name "emdctl.trc" below error is logged.
    ERROR http: 5: Unable to initialize ssl connection with server, aborting connection attempt
    ERROR ssl: nzos_Handshake failed, ret=29024
    and trace file named "emagent.trc" give below error
    2010-10-04 19:12:25 Thread-88238992 ERROR http: 11: Unable to initialize ssl connection with server, aborting connection attempt
    2010-10-04 19:12:25 Thread-88238992 ERROR pingManager: nmepm_pingReposURL: Cannot connect to https://test:5500/em/upload/: retStatus=-1
    2010-10-04 19:12:38 Thread-88238992 ERROR upload: Error in uploadXMLFiles. Trying again in 300.00 seconds.
    dbconsole URL is
    https://test:5500/em/console/aboutApplication
    Operating system is Redhat linux AS 5.3
    what is the possible cause of this failure any one can guide me.
    thanx in Advance
    regards,
    Edited by: AMIABU on Oct 4, 2010 7:28 AM

    oracle@bcm-laptop:~$ emctl
    Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0
    Copyright (c) 1996, 2009 Oracle Corporation.  All rights reserved.
       Oracle Enterprise Manager 10g Database Control commands:
            emctl start | stop dbconsole
            emctl status | secure | setpasswd dbconsole
            emctl config dbconsole -heap_size <size_value> -max_perm_size <size_value>
           emctl status agent
           emctl status agent -secure [-omsurl <http://<oms-hostname>:<oms-unsecure-port>/em/*>]
           emctl getversion
           emctl reload | upload | clearstate | getversion agent
           emctl reload agent dynamicproperties [<Target_name>:<Target_Type>]....
           emctl config agent <options>
           emctl config agent updateTZ
           emctl config agent getTZ
           emctl resetTZ agent
           emctl config agent credentials [<Target_name>[:<Target_Type>]]
           emctl gensudoprops
           emctl clearsudoprops
    Blackout Usage :
           emctl start blackout <Blackoutname> [-nodeLevel] [<Target_name>[:<Target_Type>]].... [-d <Duration>]
           emctl stop blackout <Blackoutname>
           emctl status blackout [<Target_name>[:<Target_Type>]]....
    The following are valid options for blackouts
    <Target_name:Target_type> defaults to local node target if not specified.
    If -nodeLevel is specified after <Blackoutname>,the blackout will be applied to all targets and any target list that follows will be ignored.
    Duration is specified in [days] hh:mm
            emctl getemhome
            emctl ilint
    Em Key Commands Usage :
    emctl config emkey -emkeyfile <emkey.ora path> [-force] [-sysman_pwd <sysman password>]
    emctl config emkey -emkey [-emkeyfile <emkey.ora path>] [-force] [-sysman_pwd <sysman password>]
    emctl config emkey -repos [-emkeyfile <emkey.ora path>] [-force] [-sysman_pwd <sysman password>]
    emctl config emkey -remove_from_repos [-sysman_pwd <sysman password>]
    emctl config emkey -copy_to_repos [-sysman_pwd <sysman password>]
    emctl status emkey [-sysman_pwd <sysman password>]
    Secure DBConsole Usage :
    emctl secure dbconsole -sysman_pwd <sysman password> [-passwd_file <abs file loc>]
         [-host <slb hostname>] [-sid <service name>] [-reset] [-secure_port <secure_port>]
         [-root_dc <root_dc>] [-root_country <root_country>] [-root_state <root_state>] [-root_loc <root_loc>]
         [-root_org <root_org>] [-root_unit <root_unit>] [-root_email <root_email>]
         [-wallet <wallet loc>] [-wallet_pwd <wallet pwd>] [-trust_certs_loc <certs loc>]
    emctl secure status dbconsole
    Register Targettype Usage :
    emctl register oms targettype [-o <Output filename>] <XML filename> <rep user> <rep passwd> <rep host> <rep port> <rep sid> OR
    emctl register oms targettype [-o <Output filename>] <XML filename> <rep user> <rep passwd> <rep connect descriptor>

  • Connection failures

    Dear Sir,
    I am getting the following error sometimes when browsers (using IE5.5) take
    a page from my website served up with Weblogic 5.1
    The page contains some JavaScript and HTML.
    Please note that this does not always happen but when it does it only
    happens from PCs on the same sub-network as the server.
    It looks like a weblogic error to me. Any ideas?
    Thanks,
    Spencer
    Thu Aug 31 22:38:21 GMT+01:00 2000:<E> <HTTP> Connection failure
    java.net.SocketException: ReadFile on fd=536 failed with err=64
    at weblogic.socket.NTSocketMuxer.initiateIO(Native Method)
    at weblogic.socket.NTSocketMuxer.read(NTSocketMuxer.java, Compiled Code)
    at weblogic.socket.MuxableSocketHTTP.requeue(MuxableSocketHTTP.java, Compiled Code)
    at weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java, Compiled Code)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java, Compiled Code)

    What would cause a RESET from the server?
    I have a situation where a SSL connection through ACE to a server works fine from some workstations and it does not work from others. It is not a network connectivity issue. When it fails I get the message indicating there is a certificate error, then I click continue and get a page cannot be displayed.
    This works fine from other workstations.

  • Unable to make SSL connection from Proxy Server to Directory Server

    I have recently installed Directory Proxy Server 5.2 Patch 3 on Solaris 9 server. Backend directories are Sun Directory Server 5.2sp3 using Thawte signed certificates.
    I can't get the Proxy Server to make a successful SSL connection to the Directory Servers. The proxy server can make the non-ssl connection without problem. When the Proxy Server attempts the SSL connection it gives SEC_ERROR_UNTRUSTED_ISSUER error. The SSL certificates on the Directory Servers are signed by Thawte and have just recently been updated. The certificate for the Proxy Server is also signed by Thawte. The CA certificate is loaded in both the Proxy Server and the Directory Server.
    I also have an iPlanet Directory Access Router (iDAR) 5.0 Server that is our current production server that serves these same directories and I haven't had a problem with SSL connection with it. So, the certificates are good.
    I've included an excerpt from the Proxy Server log below for one of SSL connection attempts.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [STAT/CONN]    [   560307] Connection from secured listen port. New connection is on socket 37.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [STAT/CONN]    [   560305] Number of open connections is 1.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [STAT/CONN]    [   171211] [client(         152.3.100.30,  37)] Accepting connection via dukenet-group
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   302023] Failure with CERT_VerifyCertNow (checking signature, usage: "certUsageSSLServer").
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   302023] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385729] Rejected certificate on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385729] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385728] Certificate rejected on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385728] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385721] Read on socket 38 failed.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385721] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   301006] Unexpected error on socket 38. (Error: -8172).
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   171002] [client(         152.3.100.30,  37)] [server(  152.3.101.110+  636,  38)] Lost connection to server, trying to failover to another
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   302023] Failure with CERT_VerifyCertNow (checking signature, usage: "certUsageSSLServer").
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   302023] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385729] Rejected certificate on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385729] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385728] Certificate rejected on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385728] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] ber_flush unexpected error on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] ber_flush unexpected error on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] NSPR error: -5938 (0xffffe8ce). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385721] Read on socket 38 failed.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385721] NSPR error: -5938 (0xffffe8ce). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   301006] Unexpected error on socket 38. (Error: -5938).
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   171002] [client(         152.3.100.30,  37)] [server(    152.3.232.3+  636,  38)] Lost connection to server, trying to failover to another
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] ber_flush unexpected error on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] NSPR error: -5938 (0xffffe8ce). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   190102] [client(         152.3.100.30,  37)] Rejecting request The server is temporarily busy
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [OP/CONN]      [   170904] [client(         152.3.100.30,  37)] [server(  152.3.101.110+  636,  38)] Connection unbound by client

    No, that was on 5.1. For 6.0, my classpath has just:
    %JAVA_HOME%\lib\tools.jar;%WL_HOME%\lib\weblogic_sp.jar;%WL_HOME%\lib\weblogic.jar;
    %CLASSPATH%
    This works fine.

  • Sporadic SSL connection trouble

    I happened to run across https://discussions.apple.com/message/5546820, which describes a problem very similar to one I've had troubles with since Mac OS X 10.5 Server and still happens with 10.6.7; I did not experience this with Tiger.
    I have a web service written in PHP (v5.3.4) that makes another web service call to a third party web service.  The call TO my web service and the call my web service MAKES are both SSL encrypted; neither are going through a proxy.  Occasionally, my web service will get a SoapFault raised with the error "Could not connect to host" when instantiating a SoapClient object to connect to the third party web service.  We use this web service an average of nearly 1,000 times a day, and of those, only a handful each day gets this exception.  I have gone so far as to add code that will make a second attempt to instantiate the SoapClient class when the first fails.  Sometimes the second attempt works, but sometimes even it fails.
    At one point I moved this process back to 10.4.11 Server (w/PHP v5.2.4), and experienced no errors.  I've also ran the same code on a Windows machine with PHP 5.3 installed and it did not experience the problem either.  So I don't believe it has anything to do with upgrading PHP from 5.2 to 5.3.  I have performed tests from other Macs connecting to one of Amazon's web services over HTTPS, and they too experienced random failures beginning with Leopard.  So I don't think it has anything to do with the specific machine on which the process is running.  I also tried consuming the Amazon web service over HTTP, and didn't experience the problem.
    We have another process (on a different server running 10.5.8) that uses CURL to establish a SSL encrypted connection to a partner's system, and it's randomly failing on curl_exec() with "SSL read: error:00000000:lib(0):func(0):reason(0), errno 54".  According to http://curl.haxx.se/libcurl/c/libcurl-errors.html, error 54 means "Failed setting the selected SSL crypto engine as default!".
    CURL details:
    10.5.8 machine:
    curl 7.16.4 (i386-apple-darwin9.0) libcurl/7.16.4 OpenSSL/0.9.7l zlib/1.2.3
    Protocols: tftp ftp telnet dict ldap http file https ftps
    Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
    10.6.7 machine:
    curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
    Protocols: tftp ftp telnet dict ldap http file https ftps
    Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
    Neither error can be reproduced at will, but they do happen daily (no particular time of day; it's completely random).  It just really sounds like something is wrong with some low level code in the OS dealing with SSL that began with Leopard.  Anyone else having similar trouble?

    I got the connection to work, and the problem was that the regional settings of the client were set to "Turkish". After changing them to EN, it worked.
    (Questions 2), 3) and 4) are "answered" herewith.)
    Is there a workaround for the language problem? (The regional settings have to be Turkish.)
    (When set to "Turkish", the JRE parses the cacerts file erroneously (because of the Turkish 'i' character). Running the program with the "-javax.net.debug=all" parameter prints the trace.)
    Now, I have another question:
    When creating a user, how do we specify which group the user belongs to?
    A solution for this is to find the group and add the user to the group. Is there an attribute of the user which can be set directly at creation time?
    Last question:
    Why does it take so long to get a context with an SSL connection? Does anybody know how to make it faster?
    thanks
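The Turkish 'i' failure described in the post above, shown as an added example (not code from the original post and not the JRE's own code): a case-insensitive name lookup that upper-cases with the default locale misses its key under tr-TR. The class name `TurkishLocaleLookup`, the `REGISTRY` map and its entries are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class TurkishLocaleLookup {
    // Constructed registry keyed by upper-case ASCII names, the way a
    // case-insensitive lookup table for algorithm or store types is often built.
    static final Map<String, String> REGISTRY = new HashMap<>();
    static {
        REGISTRY.put("SHA1WITHRSA", "signature algorithm");
        REGISTRY.put("JKS", "keystore type");
    }

    // Locale-sensitive: String.toUpperCase() uses the JVM default locale.
    // Under tr-TR, 'i' maps to U+0130 (capital I with dot), not ASCII 'I',
    // so the key no longer matches.
    static String lookupWithDefaultLocale(String name) {
        return REGISTRY.get(name.toUpperCase());
    }

    // Locale-independent: Locale.ROOT always maps 'i' to ASCII 'I'.
    static String lookupWithRootLocale(String name) {
        return REGISTRY.get(name.toUpperCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        Locale original = Locale.getDefault();
        try {
            // Simulate a client whose regional settings are Turkish.
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));
            String name = "sha1withrsa";
            System.out.println("default-locale key:  " + name.toUpperCase());
            System.out.println("default-locale hit:  " + lookupWithDefaultLocale(name));
            System.out.println("root-locale hit:     " + lookupWithRootLocale(name));
        } finally {
            Locale.setDefault(original);
        }
    }
}
```

Starting the JVM with `-Duser.language=en -Duser.country=US` changes only the JVM's default locale, so the operating system's regional settings can stay Turkish.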

  • CSM not accepting new SSL connections

    Hi,
    Could someone please help me on this.
    My CSM has not been accepting any new SSL connections for around 4 hours now. I have manually rebooted the CSM now and it seems to be working fine.
    The CSM was working fine without any problem and I have not made any changes on the module. I would like to know why the CSM was suddenly not operational?
    Is this a hardware issue or software?
    I am running the 4.1(3) software version on the CSM.
    Thanks in advance. Your help would be highly appreciated.
    Regards
    Alex.

    Hi Alex,
    We would need to see a failed connection on the CSM's port-channel to see at what point the connection fails and multiple showtechs taken during the issue to see what, if any, error counters were incrementing.  Without this kind of data, there is no way to tell what the root cause of the failures were.
    Given that a reload of the module recovered the connectivity, it is likely not a hardware issue.
    In the event that this was to reoccur, I would recommend the following action plan:
    Get a showtech from the Supervisor
    Using SPAN, start a capture on the CSM port-channel.  The source interface of your monitor session would be Po<256 + csm-slot>.  For example, if the CSM is in slot 4, then the source interface of your  monitor session would be Po260.
    Let one or more connections fail
    Stop the capture
    Get a second showtech from the Supervisor.
    Also, as a proactive measure, I would strongly recommend an upgrade to the latest CSM 4.2(x) or 4.3(x) software as the 4.1 code is very old and there have been many bug fixes since then. 4.2(13) would be a good choice, unless you need features of the 4.3(x) stream.
    Also, note that the CSM is now End-of-Life, as well as the 4.1(x) software.  Any bug fixes that are implemented until the End-of-Engineering support will only go into the 4.2(x) and 4.3(x) streams.
    Hope this helps,
    Sean

  • ACE : Rserver connection failures ?

    Hi,
    In a productive environment, I observe rserver counters and I can read several connection failures. However, the site seems to work correctly.
    What are the conditions under which the ACE increments the connection failures counter?
    Here is an extract of the show serverfarm command :
    CH01AC03/P-115-A# sh serverfarm NCL_FARM_PROD
    serverfarm     : NCL_FARM_PROD, type: HOST
    total rservers : 6
                                                    ----------connections-----------
           real                  weight state        current    total      failures
       ---+---------------------+------+------------+----------+----------+---------
       rserver: HQBUUN203
           10.56.7.209:443       12     OPERATIONAL  11         2363414    334
       rserver: HQBUUN205
           10.56.7.210:443       12     OPERATIONAL  11         2321347    2055
       rserver: HQBUUN221
           10.56.7.94:443        8      OPERATIONAL  10         1611561    1270
       rserver: HQBUUN222
           10.56.7.93:443        8      OPERATIONAL  20         1608550    189
       rserver: HQVEUN218
           10.56.7.96:443        8      OPERATIONAL  15         1532865    1307
       rserver: HQVEUN219
           10.56.7.95:443        8      OPERATIONAL  12         1607162    304
    Thank you for any hints
    Yves Haemmerli

    Yves,
    normally only RST from the rserver or no response to SYN from the rserver are counted as failure.
    However, we had issues with this as identified in  CSCtd22008 "ACE- Client RST in End-to-End SSL generates Rserver conn-failures."
    An old one is CSCsh14278 "sh serverfarm failure conn incremented for successful connection".
    So, if you want to be sure, the only option is to capture a sniffer trace.
    Gilles.

  • Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

    After updating to 10.7.2, I cannot access any site with an SSL connection and fail to open Safari and Keychain, unless I restart the computer and log in with the Guest account.
    OS:10.7.2
    Macbook Pro 2010-mid 13inch

    I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
    Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
    I'm also using a Macbook Pro 13-inch mid 2010.

  • HT4972 I can't update my iPhone 3GS to a newer iOS? It says error here, and the phone flashes "connect to iTunes", and if I connect, nothing happens. Help me. The iPhone won't open and work. Please help me, thank you!

    I can't update my iPhone 3GS to a newer iOS? It says error here, and the phone flashes "connect to iTunes", and if I connect, nothing happens. Help me. The iPhone won't open and work. Please help me, thank you!

    Hello AlexCornejo,
    Thanks for using Apple Support Communities.
    The screen you're seeing on your iPhone indicates it is in recovery mode.  Now since the device is not appearing in iTunes on your PC, first follow the steps in this article:
    iOS: Device not recognized in iTunes for Windows
    http://support.apple.com/kb/TS1538
    After following those steps, you should be able to restore your iPhone.
    Take care,
    Alex H.

  • Weird internet problem / ssl connection error, site loads in safari not in firefox or other way around

    I really can't figure out this problem. I searched the internet and tried all kinds of things; nothing has helped so far.
    I have a Macbook Pro (Lion originally installed) running on Mavericks (all latest updates). SSD installed and the DVD tray is replaced by the original HDD.
    The laptop wasn't running very smooth anymore so decided to give it a fresh Mavericks install (even though I know it's not really necessary for mac, it helped, everything is much faster except a weird internet problem came up).
    After freshly installing Mavericks I couldn't get into my Google account anymore; it just wouldn't load. I tried Safari (I use this normally), Firefox and Chrome. The last gave an SSL connection error; both Safari and FF said the website couldn't be loaded because the server didn't respond. For Gmail I use Mailplane, which is just stuck on a white page. I tried repairing the keychain, repaired disk and disk permissions, cleaned browsers, turned off firewall and antivirus (Sophos), started in safe mode, and checked time settings, which were all good. None of this helped. I even ended up creating a USB boot disk for Mavericks, formatted the disk and reinstalled from the start just Mavericks and nothing else, started Safari, and still had the same problem. As even this didn't help I figured it's not worth reinstalling all software, so I put back my backup.
    Now I ended up somehow only being able to use Gmail normally in Firefox, Chrome still gives SSL error and Safari can load the inbox, but I can't open any messages. I get the error there is a problem with the connection. If I try in Basic HTML mode it surprisingly does work.
    You would say, just use Firefox, finished...but the thing is that sometimes random websites won't load in Firefox, when I load the same site in Safari it works perfectly.
    Oh yes, I also tried to connect to my iPhone and use the cellular data network; then it's no problem using Gmail in Safari normally. You would say it's a router problem, but I have another Macbook Pro (just one model later, running Mountain Lion) and this one works perfectly with every browser. Also my iPhone does everything logged into the WiFi network.
    You can understand I really have no clue what's going on here; I don't see any logic. I can only think of a hardware problem in my Macbook, but don't see how that could cause these problems.
    I hope someone is able to help me?

    Please read this whole message before doing anything.
    This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
    Step 1
    The purpose of this step is to determine whether the problem is localized to your user account.
    Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
    While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
    Test while logged in as Guest. Same problem?
    After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
    *Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
    Step 2
    The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
    Please take this step regardless of the results of Step 1.
    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
    Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
    Test while in safe mode. Same problem?
    After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2.
