GWIA and secure SSL
Can GWIA be configured to allow both SSL smtp and regular SMTP at the same time? Thanks.
* Mary Beth Yandrasitz wrote, On 01/10/2012 01:34 PM:
> Can GWIA be configured to allow both SSL smtp and regular SMTP at the same time?
> Thanks.
Duplicate, see my reply in the other thread (Secure SMTP configuration)
Uwe
Novell Knowledge Partner (NKP)
Please don't send me support related e-mail unless I ask you to do so.
Similar Messages
-
Mail Application and Secure SSL Connection
I am having a problem sending mail using Secure SMTP. Does anyone know if Mail can support using SSL over an alternate port rather than TLS? Downloading messages is fine over secure imap. Many thanks in advance. Ian
iMac G5 1.6Ghz Mac OS X (10.4.8)Mail doesn’t support SSL on non-standard ports. Check the following thread for more information on this:
Mail doesn't use SSL on non standard ports? -
Cisco ASA 5505 and comodo SSL certificate
Hey All,
I am having an issue with setting up the SSL certificate piece of the Cisco AnyConnect VPN. I purchased the certificate and installed it via the ASDM under Configuration > Remote Access VPN > Certificate Management > Identity Certificates. I also placed the CA 2 piece under the CA Certificates. I have http redirect to https and under my browser it is green.
Once the AnyConnect client installs and automatically connects i get no errors or anything. The minute I disconnect and try to reconnect again, I get the "Untrusted VPN Server Certificate!" which isn't true because the connection information is https://vpn.mydomain.com and the SSL Cert is setup as vpn.mydomain.com.
On that note it lists the IP address instead of the vpn.mydomain.com as the untrusted piece of this. Now obviously I don't have the IP address as part of the SSL cert, just the web address. On the web side I have an A record setup to go from vpn.mydomain.com to the IP address of the Cisco ASA.
What am I missing here? I can post config if anyone needs it.
(My Version of ASA Software is 9.0 (2) and ASDM Version 7.1 (2))It's AnyConnect version 3.0. I don't know about the EKU piece. I didn't know that was required. I will attach my config.
ASA Version 9.0(2)
hostname MyDomain-firewall-1
domain-name MyDomain.com
enable password omitted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd omitted
names
name 10.0.0.13.1 MyDomain-Inside description MyDomain Inside
name 10.200.0.0 MyDomain_New_IP description MyDomain_New
name 10.100.0.0 MyDomain-Old description Inside_Old
name XXX.XXX.XX.XX Provider description Provider_Wireless
name 10.0.13.2 Cisco_ASA_5505 description Cisco ASA 5505
name 192.168.204.0 Outside_Wireless description Outside Wireless for Guests
ip local pool MyDomain-Employee-Pool 192.168.208.1-192.168.208.254 mask 255.255.255.0
ip local pool MyDomain-Vendor-Pool 192.168.209.1-192.168.209.254 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address Cisco_ASA_5505 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address Provider 255.255.255.252
boot system disk0:/asa902-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.0.3.21
domain-name MyDomain.com
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network MyDomain-Employee
subnet 192.168.208.0 255.255.255.0
description MyDomain-Employee
object-group network Inside-all
description All Networks
network-object MyDomain-Old 255.255.254.0
network-object MyDomain_New_IP 255.255.192.0
network-object host MyDomain-Inside
access-list inside_access_in extended permit ip any4 any4
access-list split-tunnel standard permit host 10.0.13.1
pager lines 24
logging enable
logging buffered errors
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static Inside-all Inside-all destination static RVP-Employee RVP-Employee no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XX.XX 1
route inside MyDomain-Old 255.255.254.0 MyDomain-Inside 1
route inside MyDomain_New_IP 255.255.192.0 MyDomain-Inside 1
route inside Outside_Wireless 255.255.255.0 MyDomain-Inside 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
action terminate
dynamic-access-policy-record "Network Access Policy Allow VPN"
description "Must have the Network Access Policy Enabled to get VPN access"
aaa-server LDAP_Group protocol ldap
aaa-server LDAP_Group (inside) host 10.0.3.21
ldap-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
ldap-group-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn cn=Cisco VPN,ou=Special User Accounts,ou=MyDomain,dc=MyDomainNET,dc=local
server-type microsoft
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http MyDomain_New_IP 255.255.192.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
no validation-usage
no accept-subordinates
no id-cert-issuer
crl configure
crypto ca trustpoint VPN
enrollment terminal
fqdn vpn.mydomain.com
subject-name CN=vpn.mydomain.com,OU=IT
keypair vpn.mydomain.com
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca server
shutdown
crypto ca certificate chain LOCAL-CA-SERVER
certificate ca 01
omitted
quit
crypto ca certificate chain VPN
certificate
omitted
quit
crypto ca certificate chain ASDM_TrustPoint1
certificate ca
omitted
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint VPN
telnet timeout 5
ssh MyDomain_New_IP 255.255.192.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter updater-client enable
dynamic-filter use-database
dynamic-filter enable
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 rc4-md5 des-sha1
ssl trust-point VPN outside
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-macosx-i386-2.4.1012-k9.pkg 3
anyconnect image disk0:/anyconnect-linux-2.4.1012-k9.pkg 4
anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 5
anyconnect profiles MyDomain-employee disk0:/MyDomain-employee.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 10.0.3.21
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
default-domain value MyDomain.com
group-policy MyDomain-Employee internal
group-policy MyDomain-Employee attributes
wins-server none
dns-server value 10.0.3.21
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value MyDomain.com
webvpn
anyconnect profiles value MyDomain-employee type user
username MyDomainadmin password omitted encrypted privilege 15
tunnel-group MyDomain-Employee type remote-access
tunnel-group MyDomain-Employee general-attributes
address-pool MyDomain-Employee-Pool
authentication-server-group LDAP_Group LOCAL
default-group-policy MyDomain-Employee
tunnel-group MyDomain-Employee webvpn-attributes
group-alias MyDomain-Employee enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1c7e3d7ff324e4fd7567aa21a96a8b22
: end
asdm image disk0:/asdm-712.bin
asdm location MyDomain_New_IP 255.255.192.0 inside
asdm location MyDomain-Inside 255.255.255.255 inside
asdm location MyDomain-Old 255.255.254.0 inside
no asdm history enable -
Iaik.security.ssl.SSLCertificateException - the mother of all errors
Hi,
We're experiencing this error:
Error occurred while connecting to the FTP server "whatever:whichever": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
when connecting to the FTPS server.
What was done by the teams:
1) Every single certification was checked, there is pretty much no way this is a certificate problem
2) Nothing was changed in the systems, this is an overnight error than kept persisting
3) We restarted both involved servers, this keeps on bugging us
4) No relevant traces are in SMICM, ST11, ST22, SM21, anywhere
5) NOTHING was changed on any of the two servers.
6) In addition, also the development PI server tries to connect to the same FTPS server and the same error appears.
This is an overnight problem that just didn't disappear whatever we did.
From my experience with this precise error which I can say it is now of more than a year is that it kept popping up in our system and it was triggered from causes as vast as some FTPs processes hanging on the FTPS server requiring restart, to filling the space on the server, not updated DNS cache on the PI server, you name it.
I'm really amazed the amount of times this error pops up in the CC monitor and the cause is everything else BUT a certification issue.
Do you have any idea worth sharing on why this might happen out of the blue?
Best regards,
GeorgeHi George,
I have a similar issue here and have tried out all the possible options.
1) Imported certificate into Trusted CA's from a server where the connectivity is working fine.
2)Restarted the Java stack.
You Mentioned about FTPS server. Can you please confirm where else do we need to import the certificate? -
File Adapter FTPS: Error - iaik.security.ssl.SSLException
I'm trying to use FTPS to communicate from XI ( SP 15 ) . FTPS system Admin provided CA Certificate and we installed same in key Storage as trusted CAs.
However when I try to send file It was throwing message " Error: Message processing failed: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter " In the Adapter Monitoring .
However same Certificates installed on recent versions of XI ( PI 7.0) works just fine.
Any ideas will be appreciated.Hi S T,
Check these..
Details for 'Is Web service security available?'
HTTPS Error
All the best!
cheers,
Prashanth
P.S Please mark helpful answers -
Error:iaik.security.ssl.SSLCertificateException: Peer certificate rejected
Hi,
I am getting error com.sap.engine.interfaces.messaging.api.exception.MessagingException:
iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
When i test for digital signing and encryption using soap receiver CC
we passed all the values for soap CC
Created key store view and in that view I have generated private certificate and generated CSR using SAP CA(test ssl for 8 weeks) for the private key and also imported public key for encryption given by reciver
When i test i get the error message
I check certificates validity dates
I restarted java engine and ICM
I added the public key in trusted CA in NWA
I re created the view and added the certifcates
still the same error
how and where to check to check IAIK in NWA and how to deploy it in java engine using NWA, we are using PI7.11 (no VA)
any suggestions?Hi,
The main causes for this kind of problem are:
1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in the URL below:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
0a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for it and if it's the case renew it or extend the validation.
3. The certificate chain was not in correct order. Basically the server certificate chain should be in order
Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again.
4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period.
(This certificate is the one which is sent to Server for Client authentication)
As a resource, you may need to create a new SSL Server key.
The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site. I mean if I request URL X then the CN must be CN=X.
In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
In any other case the SSL communication will not work.
Regards,
Caio Cagnani -
Hello
i have a little question about the jax rpc and security stuff
i have a webservice running
once over http://localhost:8080/appl/service
and over ssl too http://localhost:8443/appl/service
i am starting the server and then the client is generating static stubs over the ...8080/appl/ws/service?WSDL
is it possible to let the client application generate the stubs over the https port?
or do i have to secure the files on port 8080 via authentication then let the ClientDeveloper download the wsdl-files and let him then create the stubs with a local copy of the wsdls?
Any sugestions?
Thx for any Ideas
Michael / AdrawMichael / Adraw,
Sorry for piggybacking on your request but I see you have your web service running on over SSL. When I tried that with the jwsdp 1.3 I am unable to browse pages over SSL with netscape and I can not connect with a client web services application (written in java).
Are you able to do this with jwsdp 1.3??
Brian Mason
[email protected] -
Weblogic.security.SSL.ignoreHostnameVerification
Hello,
I'm trying to do a jaxws client from a webservice over https, but I'm getting this error:
javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from www.tjrs.jus.br - 200.198.149.50 failed hostname verification check. Certificate contained www.tjrs.jus.br but check expected www.tjrs.jus.br
My first question is: why would "www.tjrs.jus.br" be different that "www.tjrs.jus.br"? :)
I know I can set weblogic.security.SSL.ignoreHostnameVerification=true to avoid error above and here comes my second question: is it safe doing this for a production environment?
I appreciate any help.
Thanks,
Mauricio1st question:
This sounds very similar:
http://improbablecode.blogspot.com/2010/01/security090504-weblogic-hostname.html
2nd question:
It will always increase your security risk if you disable hostname verification. Depends on whether you're comfortable with not being able to detect host name mismatches -
Unexpected Exception Error :Netbeans remote project on dev using secure SSL
I created the remote project for the Dev envirnment to debug the workflow activity,
I can set the identity manager external instance for this dev envirnment even while doing that
need to click the check box for secure connection other wise will get the error for connection,
Now when connection is set, and I tried to start the debuger on dev, I am getting the unexpected exception error,
Is this error is because of Dev envirnment is secure SSL, Can I still run the debugger on this dev envirment.
Thanks,Don't multipost and don't use the browser's back button to edit your posts as that creates multiple postings. I've removed the other thread you started with the same questio.
Also, don't post to long dead threads. I've blocked your post and locked the thread you resurrected.
db -
Bug in weblogic 8.1 SP6 at weblogic.security.SSL.SSLCertificate.verify()
Hi, I got an java.lang.NullPointerException
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:235)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
at weblogic.security.SSL.Handshake.input(Handshake.java:121)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
at weblogic.net.http.HttpClient.New(HttpClient.java:228)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:189)
when a small piece of code running in weblogic 8.1 SP6 and trying to make url connection to a https server.
I have verified that the runtime environment has the cacerts file including the CA ( issuer for the server certificate for the server the code was trying to connect to ).
I wonder that anybody has the same problem. Or you can give a hint how to fix it.
Thank you.Sorry, i saw the forum about your problem in BEA 8.1 SP 6 about a
weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:235)
error and you said that bea sent a path named CR295205_810sp6.jar.
I have the same problem
Do you have this patch?
Could you send it to me?
my email address is
[email protected] -
What -Dweblogic.security.SSL.nojce parameter does?
Hello,
I had some issue regarding Cipher initialization :
java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at com.certicom.tls.provider.Cipher.init(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.FilterOutputStream.flush(Unknown Source)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:947)
and it seem that the solution is to start weblogic using "-Dweblogic.security.SSL.nojce = true ".
I've tried to find out what this parameter exactly does, but I couldn't find any relevant documentation.
Can you please try to explain what exactly does and what is the impact on my application if I use "-Dweblogic.security.SSL.nojce parameter = true "? From my understanding it disables default jdk jce , but what is using instead? Some weblogic security provider?
Thanks in advance
Edited by: 871158 on Jul 8, 2011 12:08 AMapart from the official documentation
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/ssl.htm
I found the nojce parameter mentioned here
http://ofmwsoa11g.blogspot.com/p/securing-weblogic-with-ssl.html
"When starting a WebLogic Server instance, you can specify the command line argument -Dweblogic.security.SSL.nojce=true to use a FIPS-compliant (FIPS 140-2) crypto module in the server's SSL implementation. FIPS 140-2 is a standard that describes U.S. Federal government requirements for sensitive, but unclassified use."
but definitely you need a Security Specialist (I am just a GP, general practitioner) on this one.... -
After installing the notified update I am unable to send e-mails (using Outlook Express on Windows XP) as my system is now thought to be Unsecure. (I receive a message saying "... Secure(SSL): No, Error Number: 0x800CCC0F") Everything was working fine immediately before I installed the update. Can anyone (pleeeease) tell me where Flash has changed my security settings as I have looked at the setup, but everything looks okay. Thankyou!
Branching this to a new discussion as it appear you are facing difficulties with the installation or running the programs you have been downloading and installing.
-
WLS81sp6 and webservices ssl issues ?
Hi,
We have a simple webservice(via clientgen) that makes calls to a third party ssl based webservice. Under WLS8.1sp4+CRs it worked. We upgraded to 8.1sp6 and it has stopped working. The http portion works, the https portion takes a real long time. We have opened a ticket(70892) with BEA, but have not gotten any solutions. Our only choice is to roll back to 8.1sp4 or switch to JBoss 3.2.3
Is the log we see the following...
HANDSHAKEMESSAGE: Certificate>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
We have the following options added:
-Dweblogic.webservice.client.ssl.strictcertchecking=false
-Dweblogic.security.SSL.enforceConstraints=false
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.verbose=true
-Dweblogic.StdoutDebugEnabled=true
-Dssl.debug=true
The JDK we use is in c:\bea\jdk142_11\
Here is the full log
start - weblogic
<Mar 19, 2007 8:52:21 PM EDT> <Debug> <TLS> <000000> <SSL/Domestic license found>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE KeyAgreement: SunJCE version 1.42 for algorithm DiffieHellman>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default KeyAgreement for algorithm DiffieHellman>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default KeyAgreement for algorithm ECDH>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Using JCE Cipher: SunJCE version 1.42 for algorithm DESede/CBC/NoPadding>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Using JCE Cipher: SunJCE version 1.42 for algorithm DES/CBC/NoPadding>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Using JCE Cipher: SunJCE version 1.42 for algorithm AES/CBC/NoPadding>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RSA/ECB/PKCS1Padding>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RSA/ECB/NoPadding>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSL Session TTL :90000>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 20983130>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received HANDSHAKE>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm MD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RSA/ECB/PKCS1Padding>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 134>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received CHANGE_CIPHER_SPEC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received HANDSHAKE>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 38>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 26>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 37>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 62>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 2>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=0, length=2048)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received APPLICATION_DATA: databufferLen 0, contentLength 16384>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 16384>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read B returns 2048>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <avalable(): 17818297 : 14336 + 2495 = 16831>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=1798, length=6394)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 14336>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read B returns 6394>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=0, length=8192)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 7942>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read A returns 7942>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <avalable(): 17818297 : 0 + 4210 = 4210>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=0, length=2048)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received APPLICATION_DATA: databufferLen 0, contentLength 4189>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 4189>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read B returns 2048>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <avalable(): 17818297 : 2141 + 0 = 2141>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=1798, length=6394)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 2141>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read A returns 2141>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <avalable(): 17818297 : 0 + 0 = 0>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
at com.certicom.net.ssl.internal.HttpClient.closeServer(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.disconnect(Unknown Source)
at weblogic.webservice.client.https.HttpsURLConnection.disconnect(HttpsURLConnection.java:213)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.cleanUpConnection(DefinitionFactory.java:313)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:183)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:76)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:91)
at com.mckesson.hef.webservice.cardiology.weblogic.GetUrlService_Impl.<init>(GetUrlService_Impl.java:22)
at com.mckesson.hef.webservice.cardiology.weblogic.Demo.main(Demo.java:29)
>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=0, length=1)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 20983130>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 readRecord returned -1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 20983130>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 23664622>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 received HANDSHAKE>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm MD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RSA/ECB/PKCS1Padding>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 134>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 received CHANGE_CIPHER_SPEC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 received HANDSHAKE>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 214>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 407>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30463067 read(offset=0, length=256)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30708295 SSL3/TLS MAC>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30708295 received APPLICATION_DATA: databufferLen 0, contentLength 695>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read databufferLen 695>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read B returns 256>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <avalable(): 30463067 : 439 + 0 = 439>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read(offset=256, length=439)>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read databufferLen 439>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read B returns 439>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
at weblogic.webservice.binding.https.HttpsBindingInfo.closeSharedSocket(HttpsBindingInfo.java:145)
at weblogic.webservice.binding.https.HttpsClientBinding.releaseSocket(HttpsClientBinding.java:75)
at weblogic.webservice.binding.soap.HttpClientBinding.receive(HttpClientBinding.java:295)
at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientHandler.java:63)
at weblogic.webservice.core.HandlerChainImpl.handleResponse(HandlerChainImpl.java:237)
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:243)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:471)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303)
at com.mckesson.hef.webservice.cardiology.weblogic.GetUrlServiceSoap_Stub.DoesPatientHaveStudiesWithImages(GetUrlServiceSoap_Stub.java:140)
at com.mckesson.hef.webservice.cardiology.weblogic.GetUrlServiceSoap_Stub.DoesPatientHaveStudiesWithImages(GetUrlServiceSoap_Stub.java:161)
at com.mckesson.hef.webservice.cardiology.weblogic.Demo.main(Demo.java:34)
>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read(offset=0, length=1)>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
Any suggestions ?Hi,
I am having an issue after our weblogic has been upgraded to SP6 from SP3. It's giving parse error saying it does not find the an attribute called "AdminPassword" in META-INF/application-config.xml file although it's available in this this file. Any idea if there is any limitation in SP6 which is causing this error while parsing this XML file?
Please let us know.
Here is the log:
<May 4, 2007 4:58:01 AM EDT> <Error> <Management> <BEA-400400> <Error while pars
ing Application businessinfo Configuration file META-INF/application-config.xml.
weblogic.management.configuration.ConfigurationException: Unknown MBean attribut
e while parsing META-INF/application-config.xml: MCNEILPORTAL:Application=busine
ssinfo,ApplicationConfiguration=businessinfo,Name=ConsumerSecurity,Type=Consumer
Security does not have attribute "AdminPassword".
at com.bea.p13n.management.internal.lifecycle.ConfigurationParser$Config
urationHandler.parseMBeanAttributes(ConfigurationParser.java:445)
at com.bea.p13n.management.internal.lifecycle.ConfigurationParser$Config
urationHandler.startElement(ConfigurationParser.java:275)
at weblogic.apache.xerces.parsers.AbstractSAXParser.startElement(Abstrac
tSAXParser.java:419)
at weblogic.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement
(AbstractXMLDocumentParser.java:221)
at weblogic.apache.xerces.impl.XMLNamespaceBinder.handleStartElement(XML
NamespaceBinder.java:874)
at weblogic.apache.xerces.impl.XMLNamespaceBinder.emptyElement(XMLNamesp
aceBinder.java:591)
at weblogic.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartE
lement(XMLDocumentFragmentScannerImpl.java:747)
at weblogic.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentCo
ntentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1477)
at weblogic.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocume
nt(XMLDocumentFragmentScannerImpl.java:329)
at weblogic.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguratio
n.java:525)
at weblogic.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguratio
n.java:581)
at weblogic.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152)
at weblogic.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXPar
ser.java:1175)
at com.bea.p13n.management.internal.lifecycle.ConfigurationParser.parse(
ConfigurationParser.java:124)
at weblogic.management.mbeans.custom.ApplicationConfiguration.doLoad(App
licationConfiguration.java:567)
Thanks
Regrads,
Ratan Das -
I am likely to begin working on a large e-commerce site soon and would like to get everything straight before I begin.
I have a reseller account on a virtual dedicated server at the hosting provider everyone loves to hate. Generally my modus operandi is to create a folder and point a subdomain to that folder so the client can see the site. Unless there are serious security issues or the need for a huge amount of server space, I leave the site in that folder and point to domain name to it when it is completed.
Does an e-commerce site need to be on a dedicated server as a matter of prinicple? If I use Cartweaver or VirtueMart and a payment gateway such as Paypal or Authorize.net, does it matter if the site is on a dedicated server behind SSL? Or can I simply leave it on my hosting account and put the Paypal Verified graphic on the site?
Or could I create a new virtual dedicated reseller account just for e-commerce sites? Or would an economy account suffice?
The issue of testing in one account and then moving to another is one I don't like. Do you have a way of testing and cloning the site?Hello Peavo,
A shared host is fine for e-commerce... But let me qualify this by adding - a shared host that KNOWS e-commerce and how to help you attain PCI certification, and - this is really an important one - offers very good, quick, support! If your revenue generating site is down you want help NOW, not a "call back" or an email a day or two from now. I echo the statement that you should avoid GoDaddy, more like run screaming in the other direction. They, and many cheap, super high volume hosts, are fine for run of the mill HTML sites or even the occasional WordPress blog, but for the complexities of and security required by an e-commerce site they are woefully inadequate.
All that being said, there are literally thousands of Cartweaver , and other e-commerce sites happily motoring along on quality shared hosts. So with some caution and having your homework done, there's no worries there. I can recommend GoWestHosing.com - very good smaller host that specializes in dynamic and e-commerce sites and knows all the ins and outs of PCI compliance.
If you expect to have an extremely high volume site, then looking into a VPS is not a bad idea, but truthfully, for most average shopping cart sites a quality shared hosting account will do, and cost significantly less. You could start out with a hosted account, then always migrate to a VPS if need be.
Here's a blog post about PCI that you may find helpful.
http://blog.cartweaver.com/?s=PCI
Hope this helps!
Lawrence Cramer - *Adobe Community Professional*
http://www.Cartweaver.com
PHP & ColdFusion Shopping Cart for Adobe Dreamweaver
Stay updated:
http://www.facebook.com/cartweaver
http://www.twitter.com/cartweaver
http://blog.cartweaver.com -
hi, I don't remember the answers for my security questions and I don't have "send an email to your rescue email address to reset your security questions and answers" when I select "Password and security" on my apple ID. What should I do?
Hi Roy,
Contact iTunes support:
https://getsupport.apple.com/GetproductgroupList.action
Select your country, complete the prompts.
Or you can contact them by email:
https://ssl.apple.com/emea/support/itunes/contact.html
They usually will get back to you via your regular email within 24 hours.
Cheers,
GB
Maybe you are looking for
-
Ive been struggling to get my trusty old HP Photosmart 1215 printer to work on my two Leopard machines. Ive tried every piece of hackery to get this thing to work, up until the point that I just gave up. I have reconciled with the fact that HP is not
-
Can I backup two iPhones to the same laptop and iTunes account?
Is it possible to backup and sync an iPhone 4 and an iPhone 3Gs to the same laptop and iTunes account? My wife and I both have iPhones. Her laptop just crashed, so we only have one laptop to use as a back up / sync now.
-
How do I unmute my mac book pro? I have been listening to netflix via head phones and that works fine. When I now try to listen without the head phones plugged in there is no sound. I look at the lower screen audio symble and it is not muted but the
-
The biggest annoying drawback of ZEN Nano P
I'm very disappointed after few months of using ZEN Nano Plus player. is that it don't display artist from ID3 tag, but only title from each track. I'm sure that this bug, is not a such big problem to fix in the firmware by the Creative Developers. B
-
Frequency Analysis on Adobe Audition CS5.5 for bioacoustics research
Hi everyone, In need of some help. I research whale/dolphin sounds, and have previously used Raven Pro for analysis. Ive found Adobe Audition produces a much better spectrogram (think it must be the FFT algorithm) and allows me to visualize a lot of