How to properly terminate SSL at Sun Proxy Server?

Hi:
Client is using Sun Proxy Server (4.0.x) as a reverse proxy to a host with Sun Application Server Enterprise Edition with Access Manager / Portal / Identity Manager deployed as J2EE apps.
For access through proxy with http, it is properly seen by AM as an http URL. But for access through proxy with https, it is seen by AM as an https URL.
My suspicion is that the Proxy Server is not properly configured to terminate SSL at the proxy. However, I do not have enough experience with Sun Proxy Server to confirm. Below is the configuration file.
Any ideas? My novice theory is that the multiple mapping rules are causing some sort of conflict. Perhaps the connect rule for port 443? All of the examples I have been able to find for mapping rules are from http to http or a local file, NOT https to http and vice-versa. Are these rules correct?
Any help is greatly appreciated!
Thanks,
Gerald
--- (start: obj.conf) --
# You can edit this file, but comments and formatting changes
# might be lost when the admin server makes changes.
Init fn="flex-init" access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->vars.p2c-cl% %Req->vars.remote-status% %Req->vars.r2p-cl% %Req->headers.content-length% %Req->vars.p2r-cl% %Req->vars.c2p-hl% %Req->vars.p2c-hl% %Req->vars.p2r-hl% %Req->vars.r2p-hl% %Req->vars.xfer-time%"
Init fn="init-proxy" timeout="300" timeout-2="15"
<Object name="default">
AuthTrans fn="match-browser" browser=".*MSIE.*" ssl-unclean-shutdown="true"
NameTrans fn="reverse-map" from="http://pcmdv2.client.net:5111/idm" to="https://offlinebusiness.client.net:25002/idm" rewrite-location="true" rewrite-content-location="true"
NameTrans fn="reverse-map" from="http://localhost:35007/deas" to="https://offlinebusiness.client.net:25002/deas" rewrite-location="true" rewrite-content-location="true"
NameTrans fn="reverse-map" from="http://pcmdv2.client.net:5111" to="https://offlinebusiness.client.net:25002" rewrite-location="true" rewrite-content-location="true"
NameTrans fn="map" from="https://offlinebusiness.client.net:25002" to="http://pcmdv2.client.net:5111" rewrite-host="true"
NameTrans fn="map" from="https://offlinebusiness.client.net:25002/deas" to="http://localhost:35007/deas" rewrite-host="true"
NameTrans fn="map" from="https://offlinebusiness.client.net:25002/idm" to="http://pcmdv2.client.net:5111/idm" rewrite-host="true"
NameTrans fn="map" from="/deas" to="http://localhost:35007/deas" rewrite-host="true"
NameTrans fn="map" from="/idm" to="http://pcmdv2.client.net:5111/idm" rewrite-host="true"
NameTrans fn="map" from="/" to="http://pcmdv2.client.net:5111" rewrite-host="true"
PathCheck fn="url-check"
ObjectType fn="forward-ip" hdr="Proxy-ip"
Service fn="deny-service"
AddLog fn="flex-log" name="access"
</Object>
<Object name="file">
PathCheck fn="unix-uri-clean"
PathCheck fn="find-index" index-names="index.html"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service fn="send-file"
</Object>
<Object ppath="ftp://.*">
ObjectType fn="cache-enable" query-maxlen="10" log-report="off"
ObjectType fn="cache-setting" lm-factor="0.10" max-uncheck="7200"
Service fn="proxy-retrieve"
</Object>
<Object ppath="http://.*">
ObjectType fn="cache-enable" query-maxlen="10" log-report="off"
ObjectType fn="cache-setting" lm-factor="0.10" max-uncheck="7200"
Service fn="proxy-retrieve" method="*"
</Object>
<Object ppath="https://.*">
Service fn="proxy-retrieve"
</Object>
<Object ppath="gopher://.*">
ObjectType fn="cache-enable" query-maxlen="10" log-report="off"
ObjectType fn="cache-setting" lm-factor="0.10" max-uncheck="7200"
Service fn="proxy-retrieve"
</Object>
<Object ppath="connect://.*:443">
Service fn="connect" method="CONNECT"
</Object>
<Object ppath="connect://.*:563">
Service fn="connect" method="CONNECT"
</Object>
--- (end: obj.conf) --

Aren't there two overlapping rules? Perhaps that confuses the SWPS?
NameTrans fn="map" from="https://offlinebusiness.client.net:25002" to="http://pcmdv2.client.net:5111" rewrite-host="true"
NameTrans fn="reverse-map" from="http://pcmdv2.client.net:5111" to="https://offlinebusiness.client.net:25002" rewrite-location="true" rewrite-content-location="true"
and
NameTrans fn="map" from="https://offlinebusiness.client.net:25002/idm" to="http://pcmdv2.client.net:5111/idm" rewrite-host="true"
NameTrans fn="reverse-map" from="http://pcmdv2.client.net:5111/idm" to="https://offlinebusiness.client.net:25002/idm" rewrite-location="true" rewrite-content-location="true"
cover the same URLs.
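
The rule ordering questioned in this thread can be checked offline. The following is an added example, not part of either post and not Sun tooling; it assumes that NameTrans `map` rules are tried top to bottom and that the first matching `from=` prefix wins, and its function names are hypothetical.

```python
import re

# NameTrans lines copied, in order, from the obj.conf posted in the thread.
OBJ_CONF = r'''
NameTrans fn="reverse-map" from="http://pcmdv2.client.net:5111/idm" to="https://offlinebusiness.client.net:25002/idm" rewrite-location="true" rewrite-content-location="true"
NameTrans fn="reverse-map" from="http://localhost:35007/deas" to="https://offlinebusiness.client.net:25002/deas" rewrite-location="true" rewrite-content-location="true"
NameTrans fn="reverse-map" from="http://pcmdv2.client.net:5111" to="https://offlinebusiness.client.net:25002" rewrite-location="true" rewrite-content-location="true"
NameTrans fn="map" from="https://offlinebusiness.client.net:25002" to="http://pcmdv2.client.net:5111" rewrite-host="true"
NameTrans fn="map" from="https://offlinebusiness.client.net:25002/deas" to="http://localhost:35007/deas" rewrite-host="true"
NameTrans fn="map" from="https://offlinebusiness.client.net:25002/idm" to="http://pcmdv2.client.net:5111/idm" rewrite-host="true"
NameTrans fn="map" from="/deas" to="http://localhost:35007/deas" rewrite-host="true"
NameTrans fn="map" from="/idm" to="http://pcmdv2.client.net:5111/idm" rewrite-host="true"
NameTrans fn="map" from="/" to="http://pcmdv2.client.net:5111" rewrite-host="true"
'''

PARAM = re.compile(r'([\w-]+)="([^"]*)"')


def parse_nametrans(text):
    """Return one dict of key="value" parameters per NameTrans line, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("NameTrans"):
            rules.append(dict(PARAM.findall(line)))
    return rules


def resolve(rules, url):
    """First-match model (assumption): return (matched from=, rewritten URL) or None."""
    for rule in rules:
        if rule.get("fn") == "map" and url.startswith(rule["from"]):
            return rule["from"], rule["to"] + url[len(rule["from"]):]
    return None


def shadowed_maps(rules):
    """Pairs (earlier from=, later from=) where the later map rule is never reached
    because an earlier, shorter prefix already matches everything it matches."""
    maps = [r for r in rules if r.get("fn") == "map"]
    pairs = []
    for idx, later in enumerate(maps):
        for earlier in maps[:idx]:
            if later["from"].startswith(earlier["from"]):
                pairs.append((earlier["from"], later["from"]))
                break
    return pairs


def unpaired_maps(rules):
    """Absolute map rules that lack a reverse-map with from= and to= swapped, so
    Location headers from the back end would leak the internal http:// URL."""
    reverse = {(r["from"], r["to"]) for r in rules if r.get("fn") == "reverse-map"}
    return [
        r["from"]
        for r in rules
        if r.get("fn") == "map"
        and "://" in r["from"]
        and (r["to"], r["from"]) not in reverse
    ]


if __name__ == "__main__":
    rules = parse_nametrans(OBJ_CONF)
    for earlier, later in shadowed_maps(rules):
        print(f"shadowed: {later!r} is never reached because of {earlier!r}")
    print("maps without a matching reverse-map:", unpaired_maps(rules))
    for url in ("https://offlinebusiness.client.net:25002/deas/index.jsp",
                "/deas/index.jsp"):
        print(url, "->", resolve(rules, url))
```

Under that assumption, every `map` in the posted file has a matching `reverse-map`, but the two longer `https://` prefixes sit below the bare host rule, so an `https://…:25002/deas` request would be sent to `pcmdv2.client.net:5111` rather than `localhost:35007`.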

Similar Messages

  • How do you ALLOW SSL through 8080 Proxy set via the browser?

    1) I installed Sun Proxy Server
    2) Requested Verisign Certificate
    3) Installed the Certificate
    4) I enabled the Security to use the Certificate server-cert (Configure HTTP Client)
    5) Set up the browser to use the proxy server and port 8080
    6) I am unable to access our https:// application.
    7) Now, the question is, how do I use it. The help procedures do not tell you how you use it. Using Ethereal, it shows the following errors:
    CONNECT w2k3-interop:8443 HTTP/1.0
    Server: Sun-Java-System-Web-Proxy-Server/4.0.2
    Date: Mon, 06 Mar 2006 22:46:03 GMT
    Content-length: 194
    Content-type: text/html
    Connection: close
    HTTP/1.1 403 Proxy denies fulfilling the request
    Server: Sun-Java-System-Web-Proxy-Server/4.0.2
    Proxy denies fulfilling the request
    Your client is not allowed to access the requested object.
    8) What am I missing?
    9) What do I have to configure in order to get it working?

    Try adding this line to your obj.conf.
    What it does is allow SSL traffic to port 8443 for any web server.
    <Object ppath="connect://.*:8443">
    Service fn="connect" method="CONNECT"
    </Object>

  • How to Non-ACC Client connect Sun App Server 8 with SSL

    I have created a Rich Client (Non-ACC) that connects to Sun App Server 8 with IIOP (8001), and it is working fine. However, when I try to connect to the same server using SSL (8002), it throws an exception during lookup of a Bean, as below.
    Please help!!
    Server Configuration
    ================
    IIOP Port(s): 8001, 8002, 8003
    All listener ports are enabled
    Client Coding
    ===========
    env.put(javax.naming.Context.PROVIDER_URL, "iiop://"+url);
    env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,"com.sun.appserv.naming.S1ASCtxFactory");
    System.setProperty("javax.net.ssl.keyStoreType", "jks");
    System.setProperty("javax.net.ssl.keyStore", "D:\\Sun\\AppServer\\domains\\adsr\\config\\keystore.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "password");
    System.setProperty("javax.net.ssl.trustStore", "D:\\Sun\\AppServer\\domains\\adsr\\config\\cacerts.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");
    System.setProperty("com.sun.CORBA.connection.ORBSocketFactory", "com.sun.enterprise.iiop.IIOPSSLSocketFactory");
    ic = new InitialContext(env);
    Object objref = ic.lookup("ejb20/statelessSession/EntControllerHome");
    Exception
    ========
    [java] Mar 18, 2005 4:43:59 PM com.sun.corba.ee.spi.logging.LogWrapperBasedoLog
    [java] INFO: "IOP00710299: (INTERNAL) Successfully created IIOP listener on the specified host/port: all interfaces/4645"
    [java] Mar 18, 2005 4:44:00 PM com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl readFully
    [java] WARNING: "IOP00410215: (COMM_FAILURE) Read of full message failed :
    bytes requested = 12 bytes read = 7 max wait time = 300 total time spent waiting = 364"
    [java] org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 215 completed: No
    [java] at com.sun.corba.ee.impl.logging.ORBUtilSystemException.transportReadTimeoutExceeded(ORBUtilSystemException.java:2629)
    [java] at com.sun.corba.ee.impl.logging.ORBUtilSystemException.transportReadTimeoutExceeded(ORBUtilSystemException.java:2655)
    [java] at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readFully(SocketOrChannelConnectionImpl.java:676)
    [java] at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:545)
    [java] at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:119)
    [java] at com.sun.corba.ee.impl.transport.CorbaContactInfoBase.createMessageMediator(CorbaContactInfoBase.java:153)
    [java] at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:325)
    [java] at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.handleEvent(SocketOrChannelConnectionImpl.java:1175)
    [java] at com.sun.corba.ee.impl.transport.SelectorImpl.run(SelectorImpl.java:275)
    [java] javax.naming.CommunicationException: Can't find SerialContextProvider [Root exception is org.omg.CORBA.COMM_FAILURE:   vmcid: SUN  minor code: 208 completed: Maybe]
    [java] at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.java:133)
    [java] at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:290)
    [java] at javax.naming.InitialContext.lookup(InitialContext.java:347)
    [java] at com.shkco.jaf.test.JAFLogonTest.connect(JAFLogonTest.java:110)
    [java] at com.shkco.jaf.test.JAFLogonTest.setUp(JAFLogonTest.java:134)
    [java] at junit.framework.TestCase.runBare(TestCase.java:125)
    [java] at junit.framework.TestResult$1.protect(TestResult.java:106)
    [java] at junit.framework.TestResult.runProtected(TestResult.java:124)

    I don't think tomcat supports the ejb-ref portion of web.xml. If you're using ejbs your best bet is to use a web container within a J2EE implementation.
    --ken

  • Unable to make SSL connection from Proxy Server to Directory Server

    I have recently installed Directory Proxy Server 5.2 Patch 3 on Solaris 9 server. Backend directories are Sun Directory Server 5.2sp3 using Thawte signed certificates.
    I can't get the Proxy Server to make a successful SSL connection to the Directory Servers. The proxy server can make the non-ssl connection without problem. When the Proxy Server attempts the SSL connection it gives SEC_ERROR_UNTRUSTED_ISSUER error. The SSL certificates on the Directory Servers are signed by Thawte and have just recently been updated. The certificate for the Proxy Server is also signed by Thawte. The CA certificate is loaded in both the Proxy Server and the Directory Server.
    I also have an iPlanet Directory Access Router (iDAR) 5.0 Server that is our current production server that serves these same directories and I haven't had a problem with SSL connection with it. So, the certificates are good.
    I've included an excerpt from the Proxy Server log below for one of the SSL connection attempts.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [STAT/CONN]    [   560307] Connection from secured listen port. New connection is on socket 37.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [STAT/CONN]    [   560305] Number of open connections is 1.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [STAT/CONN]    [   171211] [client(         152.3.100.30,  37)] Accepting connection via dukenet-group
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   302023] Failure with CERT_VerifyCertNow (checking signature, usage: "certUsageSSLServer").
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   302023] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385729] Rejected certificate on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385729] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385728] Certificate rejected on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385728] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385721] Read on socket 38 failed.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385721] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   301006] Unexpected error on socket 38. (Error: -8172).
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   171002] [client(         152.3.100.30,  37)] [server(  152.3.101.110+  636,  38)] Lost connection to server, trying to failover to another
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   302023] Failure with CERT_VerifyCertNow (checking signature, usage: "certUsageSSLServer").
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   302023] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385729] Rejected certificate on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385729] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385728] Certificate rejected on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385728] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] ber_flush unexpected error on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] SEC_ERROR_BASE + 20, NSPR error: -8172 (0xffffe014). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] ber_flush unexpected error on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] NSPR error: -5938 (0xffffe8ce). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385721] Read on socket 38 failed.
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   385721] NSPR error: -5938 (0xffffe8ce). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   301006] Unexpected error on socket 38. (Error: -5938).
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [NOTICE]       [   171002] [client(         152.3.100.30,  37)] [server(    152.3.232.3+  636,  38)] Lost connection to server, trying to failover to another
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] ber_flush unexpected error on socket 38
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   385717] NSPR error: -5938 (0xffffe8ce). Native errno is: 11
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [EXCEPTION]    [   190102] [client(         152.3.100.30,  37)] Rejecting request The server is temporarily busy
    Aug 30 2005 16:12:12 king.oit.duke.edu SunONEDPS[ 17471]: [OP/CONN]      [   170904] [client(         152.3.100.30,  37)] [server(  152.3.101.110+  636,  38)] Connection unbound by client

    No, that was on 5.1. For 6.0, my classpath has just:
    %JAVA_HOME%\lib\tools.jar;%WL_HOME%\lib\weblogic_sp.jar;%WL_HOME%\lib\weblogic.jar;
    %CLASSPATH%
    This works fine.

  • How to make udp datagram pass thru proxy server?

    I have to make a video streaming system, and I found that a lot of users are behind a firewall or proxy server. What should I do to make the UDP streaming media pass through the firewall or proxy?
    Does the https tunnel help?

    Thanks for your advice, but does the http tunnel only work for TCP? Since my server will broadcast a stream of UDP to the user, how should I do that?

  • Firefox 3.6 won't load properly because of the error "Proxy server refusing connections".

    I tried to download Firefox 3.6 but it wouldn't finish loading because of the message "Proxy server refusing connections". How do I override this problem? The last couple of days my Firefox 3.5.2 has been crashing or locking up almost every time I opened it. It got so frustrating that I tried downloading 3.6 to see if it would work any better. No luck so far. Any help would be greatly appreciated. I run Windows 2000 XP.

    Go to Tools --> Options --> Advanced --> Network --> Settings and choose "Do not use Proxy" to see if that helps.

  • ACE SSL initiation via Proxy server (squid)

    Hi,
    is it possible to configure ACE with SSL initiation if the connection goes via http/https proxy (squid) ?
    I mean local host is requesting http://xyz.com, ACE doing SSL and requesting https://xyz.com, not directly but via http/https proxy server (squid).
    Thanks

    Hi Ryszard,
    Yes, ACE can initiate SSL traffic and maintain SSL connection. So in SSL initiation ACE will act as a CLIENT receiving clear text HTTP traffic at the front end and sending traffic encrypted over the backend.
    For more details please visit the below link and let me know if you have any questions.
    http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/ssl/guide/sslgd/initiate.html#wp1010343
    Regards,
    Kanwal

  • How to connect my mac through a proxy server

    Hello. At my university there is free wifi through a proxy (as far as I could understand, but I'm not practical with those things). My computer automatically connects to the wifi, but then the browser doesn't automatically (nor manually) connect to the login page; it simply reports that I'm not connected at all.
    I tried with Safari, Chrome and Firefox and I tried all the possible settings. I'm quite in trouble with this; I hope someone can help me.
    Thanks for your time

    Sofia.fer,
    open the Network pane of System Preferences, select Wi-Fi on the left-hand side, and then press the Advanced…button on the right-hand side. In the Wi-Fi window which appears, select the Proxies tab. Follow your university’s instructions on which protocol needs to be configured to connect to their proxy, and press the OK button.

  • Can somebody explain to me how JSP, servlets, ASP work within Sun's server

    Ok, I'm only beginning to get a grip of how all this works. And I have a lot of questions and confusion.
    1.) The server that comes with J2EE, what is that server? Is it an app server that runs only servlets and JSP, with some Web server stuff so it can output some info? Is it a stripped down version of TomCat? I am having a lot of trouble with the J2EE server (the one that comes with the SDK), and that is why I'm asking, maybe I don't need it. But I really want to learn JSP's, JScripts, and Beans. How else can I go about doing that, other than all out Tomcat.
    2.) Also can I run Servlets on Microsoft's IIS on a Windows 2000 machine? Do I need a special API to run servlets, or JSPs?
    So how I see it, and again, I am a newbie at this. Machines that host a website, above all, need a web server. Let's say most people use Apache, and they want to run it in Linux, because they want to be hackers. So then do they also run Tomcat, or IIS, or Coldfusion, or a million other servers in tandem on the same machine, so that they can handle ASP, JSPs, servlets, .cmf, etc.? Or do they separate the app server from the webserver and then do some sort of linking? If somebody can direct me to how all this stuff works, I would greatly greatly appreciate it.

    Sounds like you need to read the J2EE spec as well as
    the servlet and JSP specs. It helps to glance through
    sections you are interested in.
    > Ok, I'm only beginning to get a grip of how all this
    > works. And I have a lot of questions and confusion.
    I think for a newbie, deploying your jsp's and servlets
    to a J2EE compliant app server can be quite a headache.
    You might want to concentrate on tomcat, which does servlet
    and jsp.
    Some app servers provide a http connector for most common web servers.
    I think tomcat has a IIS connector. In this case IIS would serve static html as well as its own stuff, other things like servlets and jsp go to tomcat. I am unsure about this as I mostly use tomcat in standalone mode. You can run tomcat on windows, as it is written in java.
    > 2.) Also can I run Servlets on Microsoft's IIS on a
    > Windows 2000 machine? Do I need a special API to run
    > servlets, or JSPs?

  • How to properly setup virtual hosts on leopard server

    I am not just new to leopard server but new to “server” as a whole. I have bought a 10-client leopard server and installed it on my old macbook couple of days ago because of the gui and seemingly ease-of-setup of a leopard server. I have watched and followed a tutorial on Lynda.com to install my server. Unfortunately, that tutorial focuses mainly on running a single web server. My main purpose of setting up the leopard server is to run multiple virtual hosts. Now my server (which has its own public ip address and I shall refer to it as just IP) is up and running but I seem not to be able to get virtual hostings to work properly. Below is a summary of what I have setup and I hope somebody from the community can take a look and point out what I have done wrong (thanks in advance):
    - server setup as advanced
    - dns settings:
    o I am not sure whether a different zone should be set up for each domain, so I have opted to define 1 primary zone only and then define the other domain as a machine. For simplicity's sake, I have only used two domains in the example below. I actually need to set up at least half a dozen.
    o primary zone
    • my1stdomain.com. is the primary zone name
    • ns.my1stdomain.com. is the only nameserver
    • mail.my1stdomain.com. is the only mail exchanger
    • www.my1stdomain.com. as machine and IP as value
    • www.my2nddomain.com. as machine and IP as value
    • mail.my1stdomain.com. as machine and IP as value
    • server.my1stdomain.com. as machine and IP as value
    • ns.my1stdomain.com. as machine and IP as value
    o reverse zone
    • ip reverse mapping ns.my1stdomain.com.
    - web settings:
    o sites:
    • I have defined the following 2 sites and point each of them to a different folder:
    • my1stdomain.com
    • my2nddomain.com
    - I have setup dns at my domain registrar to reference ns.my1stdomain.com for both my1stdomain.com and my2nddomain.com,
    I have no problem accessing www.my1stdomain.com but I couldn’t reach www.my2nddomain.com. and I have a hunch it has to do with my dns settings.

    It sounds like there are two compounding errors here.
    • www.my1stdomain.com. as machine and IP as value
    • www.my2nddomain.com. as machine and IP as value
    By definition, www.my2nddomain.com cannot be a record in my1stdomain.com's zone.
    You MUST have one zone for my1stdomain.com (that contains my1stdomain.com's NS, MX, mail, www etc. records) and a SECOND, separate zone for my2nddomain.com that contains its records.
    Now the records in my2nddomain.com's zone may contain the same data (e.g. the same A record), or even reference my1stdomain.com (e.g. 'www.my2nddomain.com' is a CNAME to 'www.my1stdomain.com'), but they are separate zones.
    Secondly.
    I have defined the following 2 sites and point each of them to a different folder:
    • my1stdomain.com
    • my2nddomain.com
    If you want to access the site via 'www.my1stdomain.com' (or 'www.my2nddomain.com') then your site needs to be setup for www.my1stdomain.com, not my1stdomain.com
    As far as the web server is concerned, 'my1stdomain.com' is a completely different address (and therefore a different site) from 'www.my1stdomain.com'. While most people set them to the same, it is entirely appropriate and valid for them to be two different sites as far as the web server is concerned.
    Therefore you need to change your sites' configuration to reference the 'www' version of its hostname.
    If you want to run both 'my1stdomain.com' and 'www.my1stdomain.com' as the same site then add the other hostname under Aliases (this tells Apache what hostnames should map to this virtual host).
    Try fixing those two elements and try again.
    Finally, it's often far easier for others to debug this kind of problem when you talk in real names, not dummy ones. Telling us what the domains in question are, for example, would allow others to query DNS to see what values you're actually publishing, and would go a long way to answering the question for sure, as opposed to just speculation.

  • How to dynamically connect Extend client to proxy server?

    Hi,
    Is it possible to do programmatically? My client should decide at run time to which node it will connect.
    Thanks, Denis.

    Hi Denis,
    Yes, you can do this. You need to write an implementation of com.tangosol.net.AddressProvider which provides your client with the InetSocketAddress it should connect to. Your implementation of AddressProvider can then work out the end-point however it likes. You configure your remote-cache-scheme or remote-invocation-scheme to use the AddressProvider instead of putting in socket-address entries.
    E.G. instead of this...
    <tcp-initiator>
      <remote-addresses>
        <socket-address>
          <address>192.456.789</address>
          <port>10000</port>
        </socket-address>
      </remote-addresses>
    </tcp-initiator>
    you do this...
    <tcp-initiator>
      <remote-addresses>
        <address-provider>
          <class-name>com.jk.MyAddressProvider</class-name>
        </address-provider>
      </remote-addresses>
    </tcp-initiator>
    If you need to parameterise your AddressProvider you can add init-param entries to the config in the usual way.
    JK

  • How to properly setup LB probe for ADFS 3.0 servers

    We are facing a problem during ADFS 3.0 (Windows Server 2012 R2), because we do not find a suitable URL for hardware Load Balancer probe to test ADFS nodes.
    When tried with IE browser, the URL
    https://sts.adfs1.ad/adfs/ls/IdpInitiatedSignon.aspx properly results in ADFS login page but, when tried the same URL with HW LB probe, the probe gets no answer from ADFS server at all.
    We compared incoming traffic with network monitor in that ADFS server node (https temporarily changed to http to see the traffic), a somewhat similar HTTP GET query did exist:
    GET /adfs/ls/IdpInitiatedSignon.aspx HTTP/1.1..Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*..Accept-Language: fi-FI..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)..Accept-Encoding: gzip, deflate..Host: sts.adfs1.ad
    GET /adfs/ls/IdpInitiatedSignon.aspx HTTP/1.1..Connection: Close..Host: sts.adfs1.ad
    How to properly monitor the ADFS 3.0 server nodes?
    Br, Kari Oikkonen
    MCITP/2008
    Fujitsu Finland

    Please note that using dns name in the url opens the metadata OK, but using IP address fails, not opposite as you mentioned.
    The netsh http show sslcert lists the following:
    SSL Certificate bindings:
        Hostname:port                : sts.mydomain.com:443
        Certificate Hash             : 12b510eead093f8d29db950a42ecf4940c933533
        Application ID               : {5d89a20c-beab-4389-9447-324788eb944a}
        Certificate Store Name       : MY
        Verify Client Certificate Revocation : Enabled
        Verify Revocation Using Cached Client Certificate Only : Disabled
        Usage Check                  : Enabled
        Revocation Freshness Time    : 0
        URL Retrieval Timeout        : 0
        Ctl Identifier               : (null)
        Ctl Store Name               : AdfsTrustedDevices
        DS Mapper Usage              : Disabled
        Negotiate Client Certificate : Disabled
        Hostname:port                : localhost:443
        Certificate Hash             : 12b510eead093f8d29db950a42ecf4940c933533
        Application ID               : {5d89a20c-beab-4389-9447-324788eb944a}
        Certificate Store Name       : MY
        Verify Client Certificate Revocation : Enabled
        Verify Revocation Using Cached Client Certificate Only : Disabled
        Usage Check                  : Enabled
        Revocation Freshness Time    : 0
        URL Retrieval Timeout        : 0
        Ctl Identifier               : (null)
        Ctl Store Name               : AdfsTrustedDevices
        DS Mapper Usage              : Disabled
        Negotiate Client Certificate : Disabled
        Hostname:port                : sts.mydomain.com:49443
        Certificate Hash             : 12b510eead093f8d29db950a42ecf4940c933533
        Application ID               : {5d89a20c-beab-4389-9447-324788eb944a}
        Certificate Store Name       : MY
        Verify Client Certificate Revocation : Enabled
        Verify Revocation Using Cached Client Certificate Only : Disabled
        Usage Check                  : Enabled
        Revocation Freshness Time    : 0
        URL Retrieval Timeout        : 0
        Ctl Identifier               : (null)
        Ctl Store Name               : (null)
        DS Mapper Usage              : Disabled
        Negotiate Client Certificate : Enabled
    The netsh http show urlacl shows the following:
    URL Reservations:
        Reserved URL            :
    http://+:80/Temporary_Listen_Addresses/
            User: \Everyone
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;WD)
        Reserved URL            :
    https://+:5986/wsman/
            User: NT SERVICE\WinRM
                Listen: Yes
                Delegate: No
            User: NT SERVICE\Wecsvc
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)
        Reserved URL            :
    http://+:5985/wsman/
            User: NT SERVICE\WinRM
                Listen: Yes
                Delegate: No
            User: NT SERVICE\Wecsvc
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)
        Reserved URL            :
    http://+:47001/wsman/
            User: NT SERVICE\WinRM
                Listen: Yes
                Delegate: No
            User: NT SERVICE\Wecsvc
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)
        Reserved URL            :
    http://*:2869/
            User: NT AUTHORITY\LOCAL SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;LS)
        Reserved URL            :
    http://*:5357/
            User: BUILTIN\Users
                Listen: Yes
                Delegate: No
            User: NT AUTHORITY\LOCAL SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;BU)(A;;GX;;;LS)
        Reserved URL            :
    https://*:5358/
            User: BUILTIN\Users
                Listen: Yes
                Delegate: No
            User: NT AUTHORITY\LOCAL SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;BU)(A;;GX;;;LS)
        Reserved URL            :
    https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/
            User: NT SERVICE\SstpSvc
                Listen: Yes
                Delegate: Yes
            User: BUILTIN\Administrators
                Listen: No
                Delegate: No
            User: NT AUTHORITY\SYSTEM
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-3435701886-799518250-3791383489-3228296122-2938884314)(A;;GR;;;BA)(A;;GA;;;SY)
        Reserved URL            :
    http://+:80/adfs/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)
        Reserved URL            :
    https://+:443/adfs/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)
        Reserved URL            :
    https://+:49443/adfs/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)
        Reserved URL            :
    https://+:443/FederationMetadata/2007-06/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)
    Any idea of how to build a probe rule with IP address?

  • Issue with using Sun Java Proxy Server

    We are trying to access the WebService using the Sun Proxy Server.
    When I access the WebService through the proxy, I find the following error message in the proxy error log:
    [18/Oct/2005:19:10:40] failure ( 1288): for host 127.0.0.1 trying to POST http://localhost:1080/yodsoap/services/CobrandLogin, service-http reports: HTTP7760: error reading request body (Client closed connection)
    and the access log is as follows:
    POST http://localhost:1080/yodsoap/services/CobrandLogin HTTP/1.1" 400 147
    But when I look at the WebServer access log for the same WebService: POST /yodsoap/services/CobrandLogin HTTP/1.1" 200 1783 "-" "Axis/1.1RC1"
    This case is happening when the request is compressed for the webservice, and the request headers are as follows:
    POST /yodsoap/services/CobrandLogin HTTP/1.1
    Content-Type: text/xml; charset=utf-8
    Accept: application/soap+xml, application/dime, multipart/related, text/*
    User-Agent: Axis/1.1RC1
    Host: 127.0.0.1
    Cache-Control: no-cache
    Pragma: no-cache
    SOAPAction: "loginCobrand"
    Content-Length: 1412
    Connection: close
    Content-Encoding: gzip
    And the response headers are as follows:
    HTTP/1.1 200 OK
    Server: Resin/3.0.8
    Content-Type: text/xml; charset=utf-8
    Transfer-Encoding: chunked
    Date: Tue, 18 Oct 2005 13:41:50 GMT
    So, we found out that if we don't use the proxy server, then the WebService is working properly, but if we start using the proxy server, we are encountering an HTTP 400 error.
    Any ideas will help out to solve this problem.
    Thanks in advance.
    Regards,
    Somendra

    This is what I see in the error message:
    ProxyFactory initialized in SOAP_CLIENT_MODE
    System property : com.yodlee.soap.client.log4j.config not found. Using the default config resource : com.yodlee.util.soap.log4j
    ProxyFactory initialized in SOAP_CLIENT_MODE
    System property : com.yodlee.soap.client.log4j.config not found. Using the default config resource : com.yodlee.util.soap.log4j
    HTTP Header name and value is HTTP/1.1 400 Bad request
    HTTP Header name and value is Server Sun-Java-System-Web-Proxy-Server/4.0
    HTTP Header name and value is Date Tue, 18 Oct 2005 14:56:21 GMT
    HTTP Header name and value is Connection close
    com.yodlee.core.CoreRemoteException: org.xml.sax.SAXException: Bad envelope tag: HTML
         at com.yodlee.soap.core.login.CobrandLoginSoapClientProxy.loginCobrand(CobrandLoginSoapClientProxy.java:132)
         at SoapClient.main(SoapClient.java:45)
    Caused by: org.xml.sax.SAXException: Bad envelope tag: HTML
         at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
         at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:543)
         at org.apache.axis.Message.getSOAPEnvelope(Message.java:376)
         at org.apache.axis.client.Call.invokeEngine(Call.java:2511)
         at org.apache.axis.client.Call.invoke(Call.java:2481)
         at org.apache.axis.client.Call.invoke(Call.java:2176)
         at org.apache.axis.client.Call.invoke(Call.java:2099)
         at org.apache.axis.client.Call.invoke(Call.java:1622)
         at com.yodlee.soap.core.login.CobrandLoginSoapBindingStub.loginCobrand(CobrandLoginSoapBindingStub.java:225)
         at com.yodlee.soap.core.login.CobrandLoginSoapClientProxy.loginCobrand(CobrandLoginSoapClientProxy.java:119)
         ... 1 more
    Caused by: org.xml.sax.SAXException: Bad envelope tag: HTML
         at org.apache.axis.message.EnvelopeBuilder.startElement(EnvelopeBuilder.java:107)
         at org.apache.axis.encoding.DeserializationContextImpl.startElement(DeserializationContextImpl.java:934)
         at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1635)
         at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:634)
         at org.apache.crimson.parser.Parser2.parse(Parser2.java:333)
         at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:448)
         at javax.xml.parsers.SAXParser.parse(SAXParser.java:345)
         at org.apache.axis.encoding.DeserializationContextImpl.parse(DeserializationContextImpl.java:230)
         at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:538)
         ... 9 more

  • How to Setup SSL on Oracle Application Server 10g Release 2 (10.1.2)

    Hi All,
    Can anybody tell me how to set up SSL on Oracle Application Server 10g Release 2 (10.1.2)?
    I have all the required documents like
    1. Oracle Application Server Portal Server Configuration Guide.
    2. Oracle Application Server Web Cache Configuration Guide.
    3. Oracle Application Server SSO Administration Guide.
    I tried to follow all these documents but still I am not able to set SSL for Oracle Portal Server.

    The Portal Configuration Guide, available on OTN at http://www.oracle.com/technology/documentation/appserver1012.html does provide some very specific information on how to set up OracleAS Portal.
    Section 6.3.2.1 Configuring SSL for OracleAS Portal describes various configurations, such as:
    SSL to OracleAS Single Sign-On
    SSL to OracleAS Web Cache
    SSL Throughout OracleAS Portal
    External SSL with Non-SSL Within Oracle Application Server
    For larger enterprise configurations, you can refer to the Enterprise Deployment Guide.
    Can you give a bit more background on what you are trying to set up? Which scenario, what sort of hardware, software versions, and so on.
    Regards,
    Pete

  • Exchange 2010: How to renew an SSL certificate?

    Hi all. I have done some reading but it seems I can't find just a simple step-by-step on how to renew an SSL certificate issued by a 3rd party CA for Exchange 2010. I really don't want to mess this one up by cobbling together partial answers from various forums and end up omitting something, then being stuck unable to figure out why I broke email while the CEO flips out.
    This is a standard GoDaddy 5-domain UCC certificate. There is only one Exchange server, SP3 (I don't think I have Rollup 6 on yet). The existing certificate expires in a month or so.
    I have some specific questions but perhaps these would be answered via what I hope will be a step by step instruction set in your reply :) Sorry to appear lazy by asking for the full instructions just that so far no single forum post nor MS TechNet article has addressed all my concerns, or in some cases information conflicts. So my concerns for example are: can you do a renewal for a certificate before the old one expires? It is actually a renewal, or are you adding a 2nd certificate?
    Do you have to do anything in IIS or does EMC or EMS do all that for you?
    Thank you. 

    -->Can you do a renewal for a certificate before the old one expires? 
    Yes. Normally 3rd party CA allows you to renew certificate before the current one expires.
    -->It is actually a renewal, or are you adding a 2nd certificate? 
    You have to renew the certificate and a new/second certificate will be added to your server certificate store. Please check below for the detailed steps of a Godaddy renewal. http://stevehardie.com/2013/10/how-to-renew-a-godaddy-exchange-2010-ssl-certificate/
    -->Do you have to do anything in IIS or does EMC or EMS do all that for you? 
    You will have to do it from MMC or EMS. No need to do anything from IIS.
    Follow the steps below to make your work easy or follow the video on this site: http://www.netometer.com/video/tutorials/Exchange-2010-how-to-renew-SSL-certificate/
    1. Run this command from EMS to generate the CSR. You can see the CSR named "newcsr.txt" in the C:\CSR folder.
    Set-Content -path "C:\CSR\newcsr.txt" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=WA, l=Bellavue, o=Contoso, cn=commonname.domain.com" -DomainName autodiscover.domain.com -PrivateKeyExportable $True)
    2. Renew the certificate from Godaddy (from Godaddy portal) using the new CSR (i.e. newcsr.txt). Download the certificate from Godaddy after renewal.
    3. Open Exchange MMC. Go to Server configuration. Right click on the pending request.  Click on complete pending request and browse to the newly downloaded certificate. Make sure you have internet when doing this.
    4. Assign services using the steps in the below site. Make sure you have selected the new certificate. You will see the thumbprint just before completion http://exchangeserverpro.com/how-to-assign-an-ssl-certificate-to-exchange-server-2010-services/
    5. Delete the old certificate from MMC.
    From EMS use this command
    Remove-ExchangeCertificate -Thumbprint <old cert thumbprint>
    You can see the certificate thumbprints using the Get-ExchangeCertificate command.
    MAS. Please don't forget to mark as answer if it helped.
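
A pre-removal check for step 5 of the renewal procedure above, as an added example that is not part of the original answer: it deletes the old certificate only if the new one has its private key, is valid, expires later, covers the same host names, and carries every service still bound to the old one. It assumes the Exchange Management Shell on the Exchange 2010 server; both thumbprints are placeholders and the function name is hypothetical.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
# Both thumbprints are placeholders; take the real values from Get-ExchangeCertificate.
$OldThumbprint = '<old cert thumbprint>'
$NewThumbprint = '<new cert thumbprint>'

# Hypothetical helper: returns a list of reasons the old certificate must be kept.
function Test-ReplacementCertificate {
    param(
        [Parameter(Mandatory = $true)] $Old,
        [Parameter(Mandatory = $true)] $New
    )
    $problems = @()

    # The completed request must have bound to the private key created with the CSR.
    if (-not $New.HasPrivateKey) { $problems += 'new certificate has no private key' }

    # Exchange must report the new certificate as valid.
    if ("$($New.Status)" -ne 'Valid') { $problems += "new certificate status is $($New.Status)" }

    # The renewal must actually extend the validity period.
    if ($New.NotAfter -le $Old.NotAfter) { $problems += 'new certificate does not expire later than the old one' }

    # Every host name covered by the old certificate must still be covered.
    $newNames = @($New.CertificateDomains | ForEach-Object { "$_".ToLower() })
    foreach ($name in $Old.CertificateDomains) {
        if ($newNames -notcontains "$name".ToLower()) { $problems += "name not covered: $name" }
    }

    # Any service still bound to the old certificate must also be bound to the new one (step 4).
    $oldServices = "$($Old.Services)" -split ',\s*' | Where-Object { $_ -and $_ -ne 'None' }
    $newServices = "$($New.Services)" -split ',\s*'
    foreach ($svc in $oldServices) {
        if ($newServices -notcontains $svc) { $problems += "service not assigned: $svc" }
    }
    return ,$problems
}

$old = Get-ExchangeCertificate -Thumbprint $OldThumbprint
$new = Get-ExchangeCertificate -Thumbprint $NewThumbprint
$problems = Test-ReplacementCertificate -Old $old -New $new

if ($problems.Count -eq 0) {
    # Confirmation is left at its default so the shell still asks before deleting.
    Remove-ExchangeCertificate -Thumbprint $OldThumbprint
} else {
    Write-Warning 'Old certificate kept. Fix these first:'
    $problems | ForEach-Object { Write-Warning "  $_" }
}
```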
