Getting Server Admin to connect over SSL

Similar Messages

• Server cannot be connected over ssl

  Installed self-signed certificate on the Messaging Server. And started up the messaing server with ssl.
  "netstat " shows port 993 is idle. But seems cannot connect to it .
  The messaing server was running on a standalone machine, not network connective.
  Does ssl require connections over the network?
  Thanks!

  Installed self-signed certificate on the Messaging
  Server. And started up the messaing server with ssl."started the messaging serve with ssl". Means what?
  Did you make the configutil settings to turn any of the ssl functions on?
  Did you edit the sslpassword.conf file to add the password for the certificate database?
  Did you make a typo? The default name of the cert is "Server-Cert". "server-cert" is not the same, as it's case sensitive.
  Did you examine any of the logs and see errors on the restart?
  I don't even know what version Messaging you're running. Frankly, you've a whole bunch of homework to do before I can be much help.
  jay
  >
  >
  "netstat " shows port 993 is idle. But seems cannot
  connect to it .
  The messaing server was running on a standalone
  machine, not network connective.
  Does ssl require connections over the network?
  Thanks!

• 10g Client connections over SSL

  Hello,
  I have some lightweight applications that need to connect to our 10g server over SSL. Right now, the scripts work fine using the Instantclient (10.2). I was told that the only way to connect over SSL is to have the full Oracle client installed, which I am loathe to do simply because the intent of the scripts is that they are as "light" as possible, though they do need to be encrypted.
  I'm having a hard time believing that my only option for an encrypted connection is the full Oracle client, which is waaaaaay bigger than the scripts that need to connect.
  Can anyone help point me in the right direction?
  Thank you!
  Todd

  To my knowledge, Oracle 10g comes with SSL Required Support Files for Instant Client. But whether that is enough for SSL connection, is another question. May be you can get help form the Instant Client Forum
  Instant Client

• WLS :: Will Vista web client work with Weblogic Server 8.1.6 over SSL?

  Hello,
  I have installed 51-2 bit SSL cert on weblogic 7 and found that the secure site doesn't work on Vista web client.
  Weblogic gives error in handshaking and says algorithm is not supported.
  Vista web client uses some algorithms which were not supported by weblogic 7.
  So would like to know if would Vista web client work with Weblogic Server 8.1.6 over SSL?
  Any information in this regard would be helpful.
  Thanks in Advance.

  can you use the following debug flags in the weblogic server as java_options and paste the complete ssl handshake exception here.
  -Dweblogic.StdoutDebugEnabled=true
  -Dssl.debug=true
  thanks,
  sandeep

• Netscape Directory Server closes LDAPS connection during SSL handshake

  I'm trying to bind to a NDS 6.2 LDAP server over SSL using the 1.4.2_03 JNDI LDAP provider,
  but I can't get past the initial TSL handshake: it throws a "Remote host closed connection
  during handshake" exception. The JSSE FAQ mentions this as likely a problem with
  protocol incompatibilities (e.g. SSL3 vs. TLS1), but I can't seem to force the LDAP provider
  to use an older protocol to investigate this further.
  Here are the environment parameters I'm passing
    java.naming.provider.url=ldap://ldaphost:636/o=foo,ou=bar 
    java.naming.security.principal=cn=foobar
    java.naming.security.credentials=password
    java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
    java.naming.security.authentication=simple
    java.naming.security.protocol=ssland the associated JSSE debug trace follows.
  Any ideas? Do I need to create some custom socket factory to mess with protocols?
  pch
  ================
  keyStore is :
  keyStore type is : jks
  init keystore
  init keymanager of type SunX509
  trustStore is: C:\tools\jdk1.4.2\jre\lib\security\jssecacerts
  trustStore type is : jks
  init truststore
  adding as trusted cert:
    Subject: [email protected], CN=Petes Bait and Tackle Class Z CA, O=Petes Bait and Tackle, L=Falls Church, ST=Virginia, C=US
    Issuer:  [email protected], CN=Petes Bait and Tackle Class Z CA, O=Petes Bait and Tackle, L=Falls Church, ST=Virginia, C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Thu Jun 24 13:24:27 EDT 2004 until Fri Jun 24 13:24:27 EDT 2005
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie:  GMT: 1071325469 bytes = { 1, 25, 191, 168, 187, 165, 118, 46, 45, 64, 183, 165, 131, 120, 155, 107, 208, 170, 19, 80, 74, 234, 177, 118, 51, 83, 194, 158 }
  Session ID:  {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods:  { 0 }
  [write] MD5 and SHA1 hashes:  len = 73
  0000: 01 00 00 45 03 01 40 DB   21 1D 01 19 BF A8 BB A5  ...E..@.!.......
  0010: 76 2E 2D 40 B7 A5 83 78   9B 6B D0 AA 13 50 4A EA  [email protected].
  0020: B1 76 33 53 C2 9E 00 00   1E 00 04 00 05 00 2F 00  .v3S........../.
  0030: 33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00  3.2.............
  0040: 03 00 08 00 14 00 11 01   00                       .........
  main, WRITE: TLSv1 Handshake, length = 73
  [write] MD5 and SHA1 hashes:  len = 98
  0000: 01 03 01 00 39 00 00 00   20 00 00 04 01 00 80 00  ....9... .......
  0010: 00 05 00 00 2F 00 00 33   00 00 32 00 00 0A 07 00  ..../..3..2.....
  0020: C0 00 00 16 00 00 13 00   00 09 06 00 40 00 00 15  ............@...
  0030: 00 00 12 00 00 03 02 00   80 00 00 08 00 00 14 00  ................
  0040: 00 11 40 DB 21 1D 01 19   BF A8 BB A5 76 2E 2D 40  ..@.!.......v.-@
  0050: B7 A5 83 78 9B 6B D0 AA   13 50 4A EA B1 76 33 53  ...x.k...PJ..v3S
  0060: C2 9E                                              ..
  main, WRITE: SSLv2 client hello message, length = 98
  main, received EOFException: error
  main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
  main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
  main, WRITE: TLSv1 Alert, length = 2
  main, called closeSocket()

  My first suggestion is to find an log on de NDS server (maybe it states a reason for the closing the connection)
  Otherwise use Ethereal to examen the trafic between the to machines. Maybe that helps.
  Or check if the NDS wants 2-way authentication and is trying to get your certificate as wel.

• Server Admin: VPN Connection Window all blank entries

  Using Server Admin, when I goto..
  VPN: Connections
  It says I have 41 PPTP Connections, but they are all blanked out. There is no username, IP, Internal IP, Protocol, or Connected For. I wish I could attach a picture to show it. Only thing that keeps showing up in the error log is:
  Fri Apr 9 00:59:23 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x3f1892c2> <pcomp> <accomp>]
  Fri Apr 9 00:59:23 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xde8e1a6d> <pcomp> <accomp>]
  Fri Apr 9 00:59:23 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x33103b8e> <pcomp> <accomp>]
  Fri Apr 9 00:59:25 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45de7e2a> <pcomp> <accomp>]
  Fri Apr 9 00:59:26 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x3f1892c2> <pcomp> <accomp>]
  Fri Apr 9 00:59:26 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xde8e1a6d> <pcomp> <accomp>]
  Fri Apr 9 00:59:26 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x33103b8e> <pcomp> <accomp>]
  Any chance it's a firewall issue?

  Does nobody from Apple read this list?
  My server still isn't working properly, and it's deeply frustrating.
  Having done a lot of investigating I discovered that servermgrd is based on Apache, and I discovered where all it's files live. I've also discovered how to enable the debug menu in Server Admin.
  If I try to access the "servermgr_info" command that I am seeing errors from in my servermgrderrorlog file via the command line (using sudo, so it executes as root, just as it should through servermgrd) then it works just fine with no complaints about access. The PasswordServer logs seem to imply that access gets granted when I run up Server Admin.
  This seems to point towards servermgrd going wrong somehow and deciding for itself that access cannot be granted. Its configuration had not been changed in any way. Since these errors started all I have done to it has been to increase the logging, which had no effect.
  The error message I get from Server Admin is as follows:
  The login information is incomplete for this server or is not valid.
  One or more services failed to accept the login information you provided for <myserver>. Check the Name and Password and try to log on again or contact your network administrator.
  The error in the servermgrderrorlog file on a connection attempt is as I gave in my first message.
  Curiously Server Monitor, which also uses servermgrd, is functioning perfectly, with apparently no authentication problems.
  I've been very happy with my XServe until this problem came up. Just at the wrong time too - I'm about to expand our infrastructure, and suddenly my Mac server has become harder to administer than my Linux servers. Not very impressive, and the support I'm getting at the moment is far worse than I can get for Linux. Adding new XServe's had been my favoured option, but Linux's star is rising here at the momment.

• Server Admin not connecting to Leopard Server when accessing via VPN

  Hi everyone,
  Recently, as the title suggests, Server Admin (or Server Preferences, for that matter) would not connect to my remote server via VPN. I'm quite sure that the server is working nicely, as the users (both of them lovely young ladies with considerable charms, which makes on-site support quite interesting, if distracting) didn't call me to complain, and I can login via SSH with no problems.
  The server is a Mac Mini, connected to an Airport Extreme (gigabit N), which in turn connects to our ADSL modem, if that helps any.
  Now, I did tinker around a bit with the settings before this happened, so I think it's probably my fault (well, I started my "career" of administering this server a week ago, what do you expect), so I suppose I may have inadvertently limited access to a service required for Server Admin and Server Preferences to function.
  If anyone could tell me which services are absolutely necessary for Server Admin to function, or at least where to start looking, I'd be immensely grateful. I didn't yet go on site to try and wrestle the whole thing from there, as the travel costs are non-trivial, so I'd rather do it remotely, if at all possible.

  This is exactly the difficulty I am having with a 10.5.4 Intel xserve. I have established a VPN connection that connects me to my business LAN, and I know it has carried out the connection because there are a number of things I can access properly that are not available on the public internet. For instance, my LOM ports are restricted to my business LAN, and when I connect to the server via VPN I can access teh LOM ports and using server monitor. However, when I try to use Server Admin, nothing works. It won't connect. I too am confused. All traffic to the xserve is allowed via the business LAN. I thought all traffic was supposed to be routed to the VPN server when connected via a VPN. If this is the case, shouldn't Server Admin work? When I go on site and connect my computer directly to the business LAN, I have no difficulty using Server Admin.

• Server Admin - 10 Connections or Unlimited?

  I'm helping a client re-initialize a 10.4 G5 Server.
  They obviously need more than 10 concurrent connections, so I ask what type of license they have (max of 10 or unlimited). They have the registration code, but are not really sure if it's unlimited or not.
  I go into Server Admin and check the Settings tab for the server. Sure enough, there's the registration code (the same as they provided me) and beneath it states: Unlimited Connections. Never expires.
  So, I take the box to my site, nuke it, reinitialize it. When I enter the registration code, it says: 10 Client license. Never expires.
  So, which is it?

  in all of my G5 licenses, the third set of characters is always 010 for 10 client licenses, and 000 for unlimiteds.
  eg. XXXX-XXX-010-... for a 10 and XXXX-XXX-000-... for unlimited.
  I've noticed that the server needs to be rebooted for the change to take place, even though the Server Admin may report the correct number of allowed clients.

• Can't get the proxy authentication work over SSL from weblogic 8.1

  I'm trying to make a HTTPS connection through proxy server, and I get a 407 proxy authentication exception. I can succesfully connect from a stand-alone program, but I can't do it from a web application deployed on weblogic 8.1.
  I implemented weblogic.common.ProxyAuthenticator, and here's my implementation methods-
  public void init(String host, int port, String auth,
  String loginPrompt) {
  public String[] getLoginAndPassword() {
  String[] login = new String[2];
  login[0] = "test";
  login[1] = "test123";
  return login;
  And, in my code where I make the connection, I'm setting the following-
  System.setProperty(
  "weblogic.net.proxyAuthenticatorClassName",
  "test.client.MyProxyAuthenticator");
  Can anyone help, what the problem could be? I provided dummy implementation for init() method and I'm not sure what to provide there.
  Thanks in advance<pre></pre>

  I moved the system property setting into startWeblogic.sh (using -D...) and it works.

• FTP over SSL connectivity in File Adapter

  Hi All,
    I request your suggestion on my problem.  I have a scenario idoc to file where I am connecting to my vendor server throught SFTP (Ftp over SSL).  In this my vendor specifically told that to obtain secure FTP connectivity to their server they require a pre-approved Secure FTP client be used to access the service.
  So as per this requirement first our XI server need to coneect to the pre-approved client and the connectivity will happen to the vender server.  He list the pre-approved client as below
  *Cleo Lexicom 2.1
  *TrailBlazer ZMOD FTP Client V3R1 PTF Level PFT3100034
  *QualEDI for Windows, 32-bit version
  *Ascential DataStage TX, Release 7.5
  *Future 3 - Advanced Communication Module Plus (ACM Plus)
  *eBridge FTPS Communicator for GXS version 5.3
  *Ipswitch Inc's WS_FTP Professional version 8.02.
  ·Robo-FTP version 3.2
  Please let me know will this be possible from our file adapter.  Currently as per this requirement we open up the port of XI server for SFTP connecvity but through this we can have host to host connection over SFTP and not sure whether we can connect to client software and from their to vendor sever.
  Kindly needful your suggestion/solution on this.
  Regards,
  Dhill

  Hi,
    Thank you,  Yes I have used FTPS only please find the below details given in the communication channel.
  <b>FTP Connection Parameters</b>
  Server: ServerName
  Port : 6366 (specified by vendor)
  Data connection : Passive
  Timeout(secs) : 65
  Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
  Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
  Keystore: service_ssl
  X-509 Certificate and Private Key: ssl-credentials
  User Name : Vendor user name
  Password: Vendor given password
  Connect Mode: Permanantly
  Transfer Mode: Text
  Maximum Concurrency: 1
  and also as per he list given by vendeor we can use *Ipswitch Inc's WS_FTP Professional version 8.02.
  <b>Note:</b> We have Deploying the SAP Java Cryptographic Toolkit and also CA certificate used to sign the server certificate added to the TrustedCAs keystore view.
  So If possible i request you to kindly provide the details how we need to specify the client software between our XI server and Vender server as you mentioned in your solution.
  Please let me know your mail id, i will forward the screenshot of my communication channel.
  Kindly appreciate your help on this.
  Regards,
  Dhill.

• Server admin could not connect to localhost

  Hi,
  the Problem I have is that I could not connect to the server at localhost. Server admin shows connection error.
  Maybe it is a problem with my certificate state. I have deleted the default one and have to recertificate my own one.
  Any ideas?

  Others have posted in the past that the SA or WGM has 'issues' when the default cert is blown away.
  Have you considered doing a clean install on another volume, then move the default from that install back into your current one? Just an idea before I've had my first coffee.

• AD Password Sync connector 9.1.1 With OIM 11g R2 - ERROR OVER SSL

  I have set up AD password sync with from AD to OIM 11G R2
  The password syncs from AD to OIM 11G R2 on non ssl port 389.
  But if fails on SSL Port 636.
  Errors in OIMMain.Log:_
  Debug [10/11/2012 10:49:34 AM] Inside ConnectToADSI
  Debug [10/11/2012 10:49:34 AM]
  ldap_connect failed with
  Debug [10/11/2012 10:49:34 AM] Server Down
  Debug [10/11/2012 10:49:34 AM]
  Steps Carried Out thus far:_
  AD is up and running.
  Configured AD Password Sync Connector on 636 and selected ssl.
  Created Certificate on OIM host, configured custom identity key store on weblogic. Restarted Weblogic.
  Imported Certificate to AD. After this, restarted the AD
  I can Telnet port 636 from OIM Box and also connect to AD through LDAP Browser on 636 and view OU and CN, so this seems fine.
  Provisioning from OIM through Connector Server to AD works over SSL and this works fine.
  Help would be appreciated.
  Many Thanks

  This question is now been fixed.
  Instead of explicitly stating 636 for SSL,
  Use the same port 389 for ssl and also configured oim port to be 140001 which is the ssl port for oim in the configuration of OIM Password Sync.
  Export Certificates from AD to java security keystore and to weblogic keystore
  Export .pem certificate created on OIM host machine to AD.
  Restart weblogic, oim and AD
  Everything would work fine.
  For all the other information, refer to doc.
  Thanks

• Server admin doesn't display info

  I'm experiencing slow network logons for our 10.6.8 Mac Mini server (circa 2009). 
  I can't get server admin to display any info - the fields are blank - both logged on locally and remotely. 
  I looked in some logs, but don't know which ones are useful as a starting point for this issue.
  Can you help point me in the right direction?
  Thanks

  Do you get any errors or indications that changes are required when issuing the following (non-destructive, informational) Terminal.app command?
  sudo changeip -checkhostname
  Is the domain a real and registered domain, or is it a ".local" domain?
  Is the configured server at a static IP address?  (Either a static address on a private LAN, or a public static address.)
  Is there exactly one DNS server or one pool of DNS servers, and is that DNS server or pool local?  (Are there any references to other non-local-LAN DNS servers?)
  Logs?  Assuming the server isn't all that busy when you test, launch Console.app, start your connection test with the Server Tools, and look at the aggregate log display for errors.  (If it's busier box and can't be quiesced for testing, then yes, you can have to drill down into individual logs, or grep -R the /var/log directory for server or such...)  But without knowing what (else) is wrong, it's difficult to predict.

• "Settings" has disappeared in Server Admin

  After upgrading both of my Xserve G4's from OS X Server 10.4.8 to 10.4.9, I noticed when Server Admin is connected to one of the servers, the "Settings" button when you select the server does not appear. I also don't get information back about the system version, computer name, system start time, etc. The rest of Server Admin appears to work correctly, though. I was wondering if anyone else had this problem.
  Regardless of which system I run Server Admin from, when I select the "working" server in Server Admin I see tabs for Overview / Logs / System / Graphs / Update / Settings, for the "unhealthy" server I only see tabs for Overview / Logs / System / Graphs / Update. In addition, no valid information is shown in the Overview tab (as shown below).
  Luckily, I do have a workaround. Although the Server Admin GUI doesn't appear to be functioning correctly, the serveradmin CLI tool works fine. I'm wondering what the 10.4.9 update might have clobbered. Disk Verify / Repair Permissions haven't turned up any problems.
  HEALTHY Overview:
  System Version: Mac OS X 10.4.9 (Build 8P135)
  Server Version: Mac OS X Server 10.4.9 (Build 8P135)
  Computer Name: xxxx
  Local Hostname: xxxx.local
  Default AppleTalk Zone: Unspecified
  License Type: Unlimited-client license
  System Start Time: Sunday April 1, 2007 9:51:12 AM America/Phoenix
  UNHEALTHY Overview:
  System Version: Not available
  Server Version: Not available
  Computer Name: Not available
  Local Hostname: Not available
  Default AppleTalk Zone: Not available
  License Type: Not available
  System Start Time: Date and time not available

  Yes, in many cases you can still use commands via the Terminal, see Apple's Command-Line Administration guide
  http://www.apple.com/server/documentation/
  I would look through your logs. If you launch /Applications/Utilities/Console , it should open the last log written to.
  See about enabling the debugging menu in Server Admin. Quit out of SA, and in the Terminal enter:
  defaults write com.apple.serveradmin UseDebugMenu YES

• Active AFP Connections over CLI

  Hi All,
  I'm trying to query our OS X 10.6 server for currently connected AFP users using the CLI and I'm unsure of how to go about it.
  I would like a response similar to the list in the Server Admin --> AFP --> Connections GUI
  Thanks for any information
  Stewart

  I have solved this myself and used egrep to get the output I desired:
  serveradmin command afp:command = getConnectedUsers | egrep '(name)' | cut -d '"' -f 2
  Hope this helps
  Stewart