FTPS  &  SOAP with SSL

Similar Messages

• SOAP with SSL in weblogic 5.1

  Hello!
  Any idea of using SOAP with SSL in weblogic 5.1.?? My webservice works properly
  when I use http, but it doesn't work with http.
  It's very important to me, to get a solution for this problem!!
  Many thanks.
  Best regards,
  Rafa.

  Hi Rafa,
  Can you possibly upgrade? WLS 5.1 does not have a built-in web services
  stack. WLS 7 and WLS 8.1 make this very easy.
  You might try searching back in this newsgroup using the header search
  of "5.1"
  For starters, see:
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.webservices&item=1894&utag=
  HTHs,
  Bruce
  Rafa Nocete wrote:
  >
  Hello!
  Any idea of using SOAP with SSL in weblogic 5.1.?? My webservice works properly
  when I use http, but it doesn't work with http.
  It's very important to me, to get a solution for this problem!!
  Many thanks.
  Best regards,
  Rafa.

• Setup automated Powershell to upload files to a remote ftp server with ssl

  Thanks in advance for the advice!
  I need to create a script to upload a file to a remote server to transfer some large files, and I've been reviewing some methods needed, and have a few questions.
  Is there a best practice for sending large files? 
  Is the webrequest or put commands better to use?
  This will be the first time we use Powershell on this server.   Should I change the executive policy on the server or should I change it in the script when running for security purposes?   This is a data warehouse therefore our strategic
  data is else where but want to make sure everything is secure as possible.
  I am able to run something similar on my laptop which works but when I try it on the server it is blocked.   I'm assuming I'll have to open up port 22 for this application to work.   How can I confirm that this is the port Powershell
  needs open for these transfers. 
  Any references to learning links appreciated since I'm new to Powershell.
  Thanks!

  Sorry but we cannot help you with this.  We suggest you contact a support tech or consultant to help you set up your system.
  Start by learning how PowerShell works and how to set it up. As fro the SSL you will need to postyourscript with any issues and errors.
  Start here:
  http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx
  ¯\_(ツ)_/¯

• JDeveloper Oracle ESB Designer calling SOAP with SSL

  Hi,
  I am new to Oracle ESB. I am creating a SOAP serving in Jdeveloepr ESB designer to invoke a WSDL. That url needs a user id/ pwd to be accisible. How can I enable this in Jdeveloper ESB designer
  Thanks!

  Not sure what documentation you have read but JDev does not get installed as part of the 10.1.3.1. It did with the single user license of 10.1.2
  here is the link, just unzip and play
  http://www.oracle.com/technology/software/products/jdev/htdocs/soft10134.html
  Please not that this is 10.1.3.4 and is only certified for SOA Suite 10.1.3.4. If you are using 10.1.3.1 then install JDev of that version. I would recommend upgrading SOA Suite to 10.1.3.4 as 10.1.3.1 is old. Part of the 10.1.3.4 install is installing 10.1.3.1
  patch is found here http://www.oracle.com/technology/software/products/ias/htdocs/101310.html (There is a patch link in the 10.1.3.1 install) Don't be surprised with the size of the patch as it looks like a fresh install. You just install into the same home as your 10.1.3.1 install.
  cheers
  James

• Working with SOAP and SSL in weblogic 5.1

  Hello!
  Any idea of using SOAP with SSL in weblogic 5.1.?? My webservice works properly
  when I use http, but it doesn't work with http. It's very important to me, to
  get a solution for this problem!!
  Many thanks. Best regards, Rafa.

  Hi Rafa,
  Can you possibly upgrade? WLS 5.1 does not have a built-in web services
  stack. WLS 7 and WLS 8.1 make this very easy.
  You might try searching back in this newsgroup using the header search
  of "5.1"
  For starters, see:
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.webservices&item=1894&utag=
  HTHs,
  Bruce
  Rafa Nocete wrote:
  >
  Hello!
  Any idea of using SOAP with SSL in weblogic 5.1.?? My webservice works properly
  when I use http, but it doesn't work with http.
  It's very important to me, to get a solution for this problem!!
  Many thanks.
  Best regards,
  Rafa.

• SOAP receiver / SSL

  Hello,
  I have the following scenario : R/3 -> XI -> SOAP with SSL.
  When accessing the target URL with a browser I don't have any problems. The SSL handshake is working correctly,I can download all certifcates from the chain and they are all valid.
  I imported the CA certficates into the keystore. But XI is unable to create the socket. In the logs I have the following message :
  "Attempting to create outgoing ssl connection without trusted certificates".
  We have other partners using the same scenario working correctly. I checked and the partners that are working correctly are using a 1024 public key and the new one that causes error is using only a 512 public key.
  Thanks,
  Bela

  Hi Bela,
  Did you ever solve the issue I'm currently facing a similar problem when trying to use SSL to call a web service

• Data Transfer Port ranges in FTPS with SSL in File Adapter

  Hi,
  I would appreciate if you could give me pointers reagrding the below issue.
  We are on XI 3.0.
  For one interface, I have to configure the FTP File adapter to pick up the files from external server.
  The connection is secure and should be FTPS with SSL.
  I have the certificate from the 3rd party and have it installed on our XI development server.
  The change has been made in our firewall to allow the connection to the host IP and port 21 which is configured at the target party as Explicit FTPS port and they have allowed access to our Server IP in their firewall.
  I have configured other FTPS connections and they worked fine but this is the only one that has been giving me so much trouble.
  The error i get today is:
  Error occurred while connecting to the FTP server "60.234.48.106:21": java.net.SocketException: Connection reset
  Yesterday, i got the below error:
  Error occurred while connecting to the FTP server "60.234.48.106:21": iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
  The Vendor has suggested to get the firewall ports 21 and 28000:30000 (data transfer) to be opened.
  He has also provided with the certificate passphrase additionally to the user name and password needed to make the connection.
  When i tried the connection from the XI development to the vendor server, via the Telnet, it looked like it worked.
  Please advice.
  Regards,
  Archana

  >
  Archana Singhai wrote:
  > Hi,
  > I would appreciate if you could give me pointers reagrding the below issue.
  > We are on XI 3.0.
  > For one interface, I have to configure the FTP File adapter to pick up the files from external server.
  > The connection is secure and should be FTPS with SSL.
  > I have the certificate from the 3rd party and have it installed on our XI development server.
  > The change has been made in our firewall to allow the connection to the host IP and port 21 which is configured at the target party as Explicit FTPS port and they have allowed access to our Server IP in their firewall.
  > I have configured other FTPS connections and they worked fine but this is the only one that has been giving me so much trouble.
  > The error i get today is:
  > Error occurred while connecting to the FTP server "60.234.48.106:21": java.net.SocketException: Connection reset
  > Yesterday, i got the below error:
  > Error occurred while connecting to the FTP server "60.234.48.106:21": iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
  > The Vendor has suggested to get the firewall ports 21 and 28000:30000 (data transfer) to be opened.
  > He has also provided with the certificate passphrase additionally to the user name and password needed to make the connection.
  > When i tried the connection from the XI development to the vendor server, via the Telnet, it looked like it worked.
  > Please advice.
  > Regards,
  > Archana
  1. Open the port ranges. FTPS usually requires you to open ports in the range of 65024 through 65535 for Passive FTP data
  connections
  2. Use the CA name in the certificate. it should be same as of the host name of the FTPS server

• SOAP XML corruption with SSL

  When we start Flex from an SSL url (and send messages to a
  web server with SSL on), one of our SOAP messages gets corrupted.
  It only happens with one particular call, and there is another call
  which produces almost-identical XML that doesn't encounter the
  problem.
  Using ethereal, we see that the SOAP message looks as follows
  (I've removed some parts inside the XML that are well-formed, I've
  also modified the IP address). Note that the last n characters from
  the XML string have been pasted over the start of the SOAP XML!
  If we turn SSL off in the web server (and access the Flex app
  using http), it works with no problem.
  Have you seen anything like this or know what might be
  causing this corruption?
  Thanks.
  POST /PDisp HTTP/1.1
  Host: 1.2.3.4:11080
  Accept: */*
  Referer: https://1.2.3.4/foo.swf
  x-flash-version: 9,0,16,0
  Content-Type: text/xml; charset=utf-8
  SOAPAction: ""
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
  5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)
  Cache-Control: no-cache
  Cookie: LoginSessionID=bc65dbdda75f854ab58c242982d393f6
  Max-Forwards: 10
  X-Forwarded-For: 1.2.3.4
  X-Forwarded-Host: 1.2.3.4
  X-Forwarded-Server: test1.bar.com
  Content-Length: 8294
  lanEntries>
  </facTemplate>
  </TemplateTO>
  </validateTemplate></SOAP-ENV:Body></SOAP-ENV:Envelope>
  xmlns:SOAP-ENV="
  http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsi="
  http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Body><validateTemplate>
  <TemplateTO>
  <id>68</id>
  <facTemplate>
  <dialPlanEntries>
  <dialPlanEntry>
  <dialedString>0</dialedString>
  <totalLength>3</totalLength>
  <callType />
  </dialPlanEntry>
  </dialPlanEntries>
  </facTemplate>
  </TemplateTO>
  </validateTemplate></SOAP-ENV:Body></SOAP-ENV:Envelope>

  There appears to be a bug where the XML is corrupted if the
  file size is too big and SSL is turned on. This happened for XML
  somewhere in the range of 8K-9K. To fix the problem, I tried
  removing single tags (tried several different ones), and that was
  enough to get it to work where there was no corruption. In the end,
  I re-named my tags with shorter names and was able to make this
  work.
  Definitely a work-around and we need to find a "real" way to
  solve this.
  Has anyone run into this?

• Anyone able to run SOAP over SSL with Weblogic 5.1 and without purchasing third party tools???  If so, how???

  Anyone able to run SOAP over SSL with Weblogic 5.1??? If so, how??? And
  without purchasing third party tools??? Thanks.
  -Freddie

  Anyone able to run SOAP over SSL with Weblogic 5.1??? If so, how??? And
  without purchasing third party tools??? Thanks.
  -Freddie

• Weblogic app server wsdl web service call with SSL Validation error = 16

  Weblogic app server wsdl web service call with SSL Validation error = 16
  I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
  Cannot complete the certificate chain: No trusted cert found
  Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
  Validation error = 16
  From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
  Here is how I load trustStore and keyStore in my java program:
       System.setProperty("javax.net.ssl.trustStore",”cacerts”);
       System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
       System.setProperty("javax.net.ssl.trustStoreType","JKS");
  System.setProperty("javax.net.ssl.keyStoreType","JKS");
  System.setProperty("javax.net.ssl.keyStore", keyStoreName);
       System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd);      System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
  Here is how I create cacerts using verisign hierarchy certs (in this order)
  1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
  1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
  1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
  Because my program is a weblogic app server, when I start the program, I have java command line options set as:
  -Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  -Dweblogic.security.SSL.enforceConstraints=strong
  That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
  In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
  I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
  1.     Do I create “cacerts” the correct order with right keeltool options?
  2.     Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
  3.     Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
  4.     Do I need to put the “cacerts” to some specific weblogic directory?
  ---------------------------------wsdl file
  <wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
       <wsp:Policy wsu:Id="TokenServices_policy">
            <wsp:ExactlyOne>
                 <wsp:All>
                      <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                           <wsp:Policy>
                                <sp:TransportToken>
                                     <wsp:Policy>
                                          <sp:HttpsToken RequireClientCertificate="true"/>
                                     </wsp:Policy>
                                </sp:TransportToken>
                                <sp:AlgorithmSuite>
                                     <wsp:Policy>
                                          <sp:Basic256/>
                                     </wsp:Policy>
                                </sp:AlgorithmSuite>
                                <sp:Layout>
                                     <wsp:Policy>
                                          <sp:Strict/>
                                     </wsp:Policy>
                                </sp:Layout>
                           </wsp:Policy>
                      </sp:TransportBinding>
                      <wsaw:UsingAddressing/>
                 </wsp:All>
            </wsp:ExactlyOne>
       </wsp:Policy>
       <wsdl:types>
            <xsd:schema targetNamespace="http://tempuri.org/Imports">
                 <xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
                 <xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
            </xsd:schema>
       </wsdl:types>
       <wsdl:message name="ITokenServices_GetUserToken_InputMessage">
            <wsdl:part name="parameters" element="tns:GetUserToken"/>
       </wsdl:message>
       <wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
            <wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
       </wsdl:message>
       <wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
            <wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
       </wsdl:message>
       <wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
            <wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
       </wsdl:message>
       <wsdl:portType name="ITokenServices">
            <wsdl:operation name="GetUserToken">
                 <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
                 <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
            </wsdl:operation>
            <wsdl:operation name="GetSSOUserToken">
                 <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
                 <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
            </wsdl:operation>
       </wsdl:portType>
       <wsdl:binding name="TokenServices" type="tns:ITokenServices">
            <wsp:PolicyReference URI="#TokenServices_policy"/>
            <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
            <wsdl:operation name="GetUserToken">
                 <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
                 <wsdl:input>
                      <soap12:body use="literal"/>
                 </wsdl:input>
                 <wsdl:output>
                      <soap12:body use="literal"/>
                 </wsdl:output>
            </wsdl:operation>
            <wsdl:operation name="GetSSOUserToken">
                 <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
                 <wsdl:input>
                      <soap12:body use="literal"/>
                 </wsdl:input>
                 <wsdl:output>
                      <soap12:body use="literal"/>
                 </wsdl:output>
            </wsdl:operation>
       </wsdl:binding>
       <wsdl:service name="TokenServices">
            <wsdl:port name="TokenServices" binding="tns:TokenServices">
                 <soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
                 <wsa10:EndpointReference>
                      <wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
                 </wsa10:EndpointReference>
            </wsdl:port>
       </wsdl:service>
  </wsdl:definitions>
  ----------------------------------application log
  adding as trusted cert:
  Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
  Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
  adding as trusted cert:
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
  Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
  adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
  Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
  <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
  <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
  <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
  Not Valid Before:Tue Dec 18 19:00:00 EST 2012
  Not Valid After:Wed Jan 07 18:59:59 EST 2015
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Not Valid Before:Sun Feb 07 19:00:00 EST 2010
  Not Valid After:Fri Feb 07 18:59:59 EST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
  Not Valid Before:Tue Dec 18 19:00:00 EST 2012
  Not Valid After:Wed Jan 07 18:59:59 EST 2015
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Not Valid Before:Sun Feb 07 19:00:00 EST 2010
  Not Valid After:Fri Feb 07 18:59:59 EST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
  <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
       at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
       at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
       at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
       at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
       at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
       at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
       at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
       at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
       at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
       at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
       at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
       at javax.xml.ws.Service.<init>(Service.java:56)
       at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
       at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
       at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
       at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
       at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
  Not Valid Before:Tue Dec 18 19:00:00 EST 2012
  Not Valid After:Wed Jan 07 18:59:59 EST 2015
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Not Valid Before:Sun Feb 07 19:00:00 EST 2010
  Not Valid After:Fri Feb 07 18:59:59 EST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
  Not Valid Before:Tue Dec 18 19:00:00 EST 2012
  Not Valid After:Wed Jan 07 18:59:59 EST 2015
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Not Valid Before:Sun Feb 07 19:00:00 EST 2010
  Not Valid After:Fri Feb 07 18:59:59 EST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
  <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
       at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
       at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
       at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
       at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
       at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
       at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
       at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
       at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
       at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
       at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
       at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
       at javax.xml.ws.Service.<init>(Service.java:56)
       at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
       at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
       at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
       at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
       at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>

  I received a workaround by an internal message.
  The how to guide is :
  -Download the wsdl file (with bindings, not the one from ESR)
  -Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
  -Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
  -Create a new logicial destination that point to the wsdl file modified
  -Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
  Then the received data is check by the metadata logical destination but the data is retrieved from the correct server.

• Issue with SSL in web service.

  Hi All,
  We are having synchronous web service to proxy scenario in XI. We are trying to send a binary data using the SOAP web service to SAP via XI. Initially, we were posting large binary data using HTTP connection via XI from the SOAP client. The scenario was working without any issues.
  Since the data is sensitive changed the web service from HTTP to HTTPS.The interface works without issues when we test it using the SOAP client for testing. When the data is sent using the Dot Net application (the end application) using the same webservice, URL (HTTPS connection) the message errors out. The connection is borken and the message fails. In this scenario, XI does not even receive the message which I can make out looking into the SOAP adapter communication channel.
  The interesting fact here is the same  Dot Net application is able to connect and send smaller binary data using HTTPS connection.
  Could you please let us know if this could be the issue with HTTPS connection on XI side? I doubt it to be an issue on XI side because the adapter does not even receive any message when the scenario fails. But we used some HTTPS monitoring tools and found that the Dot Net Application receives some encrypted response from the server which the application is not able to decrypt and the handshake breaks.
  Could you please throw some inputs into this issue.
  Thanks,
  Manohar.

  Hi Manohar
  You have posted the same question with two different subject text
  anyway follow these SAP notes your problem will be short out
  Note 856597 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 SOAP Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856597&_NLANG=E
  Note 856599 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 Mail Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856599&_NLANG=E
  Note 870845 - XI 3.0 SOAP adapter SSL client certificate problem
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=916664&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=870845&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  check the OSS Note 554174 & see if it helps
  Note 645357 - SAPHTTP: SSL error
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=645357&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1150980&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  one alternative may be Restart ICM (Internet Communication Manager) .This will solve your HTTP issue
  Cheers!!!!
  Regards
  sandeep
  if helpful kindly reward points

• ESB: inbound file and outbound ftp adapter with multiple directories

  Basically I want to scan directories and write new files ftp directories. I could figure out how to do that for one directory. However I need to scan multiple directories and ftp upload files contained in those directories to corresponding ftp directories. Number of directories and their names are only known at run time. All directories are under one parent directory, both locally and the remote ftp site. We can assume all ftp directories exist.
  I could not figure out how to this. Is this possible at all? Directory names seem to be only specified at design time, for both inbound file adapters and outbound ftp adapters.
  Pranab

  Chris, I am not really sure this is the right place to ask this question. But hopefully you might have something in your armour to help me out.
  My requirement is to configure an inbound File/FTP adapter to read from a Directory which can be known only at runtime. A webservice call returns the file name and network path of the file to be read, but that happens only during the run time. I guess one way possible is, you configure a File/FTP Adapter with a logical name for directory and set the physical directory path using the endpoint property. But in that case, I should know the Physical directory @ deployment time.
  I would like to know whether it is possible to manipulate the Endpoint property of an ESB Service (SOAP Service/Routing Service/Adapter Service) during runtime.
  So is there any way to get the enpoint property configured during runtime??? Otherwise dO you recommend some other solution for this use case???
  Any help would be appreciated.
  -Sudheer

• Problem with SSL Activated on SSO Login

  Hi Guys,
  One of my applications has recently hit a few problems when SSL was activated on several environments. My application requires you to login using a SSO username and password before you can use the application. Before SSL was implemented, when you pressed the main menu button the page would redirect to the login server and the SSO login would remember your details and log you in again and then take you to the 1st page with a new session id. However, with SSL implemented, when the main menu button is pressed it redirects you to the login server but this time it asks you to enter your username and password. This is a problem as every time authentication is required on my application, it will keep telling you to login even if you have already done so before.
  For extra information, the main menu button (which is a navigation bar entry) redirects you to a piece of javascript which is used to take you back to the 1st page depending on what page you are on.
  I am also using the latest version of APEX.
  Any help is much appreciated as I am not sure where to go with this problem.
  Also is it a problem with the SSL setup or my application?
  Thanks
  -Mark

  I have tried to pass the cookie through the URL to the login server but this does nothing.I can't imagine what you mean by that or what exactly you did.
  it just takes me to the login page and resets the session id after i have logged in again!What do you mean by "reset"?
  How can I make cookies be accepted by SSL?Have you constructed an experiment to prove that this is the problem?
  Is there something i can put in the application itself?Definitely not.
  Scott

• Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

  when Update to 10.7.2 ,I cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.
  OS:10.7.2
  Macbook Pro 2010-mid 13inch

  I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
  Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
  I'm also using a Macbook Pro 13-inch mid 2010.

• Crystal Reports export and print fails with SSL / https but works with http

  Windows 2008 Server, 32-bit (IIS7)
  ASP.NET 2.0
  Ajax 1.0
  Crystal Reports version 10.5.3700.0
  http:  printing works, export works
  https:  printing not working, only export to MS Excel and MS Word work.
  I am able to generate reports using both http and https, and the toolbar icons are all showing.  However, I am unable to print or export properly with SSL.
  Printing prompts me with a select printer window, and then a window 'Retrieving Page 1' follow by two messages from Crystal Print Control both stating:
  A communication error occured.  Printing will be stopped.
  Exporting generates various errors depending on which export method is being selected (however Excel and Word work over https).
  I've found the same problem on this site and other forums, but never a resolution to get exporting and printing to work with SSL.  Will someone please provide me assistance or possibly relay what settings they're using if they have Crystal Reports export or printing working over SSL in IIS7?  Everything works fine when I change the address from https to http.
  Please let me know if I can help by providing further information.  We've gone through a great deal of possible solutions with code and I'm currently looking in to IIS settings again.
  Thank you.

  Thanks Ludek. I got it by searching KB number.
  Unfortunately, it didn’t fix my problem even my IE (IE8 and IE 9) has correct setting.  I double check my version. PrintControl.CAB is version 10.2.0.1146. we use VS 2005 Crystal report and VB .NET. It works fine on HTTP. But when we use HTTPS (SSL Certificate from go daddy).
  1: Crystal report export
              Export to MS Excel, Word: pop us “File download”, then click “Save”. It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
              Export to RPt, Rich text format: It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
              Export to PDF : nothing happened.
  2: Print:
              Pop up dialog to select printer, click “Print” “. Shows windows “Crystal Report Viewer” and pop us error message box. Title is “Crystal Print Control”. Message is “An communication error occurred. Printing will be stopped”. Click “OK” and pop up error message box again.
  Please advise.
  Thank you very much!