Howto use SSL-2 (https) and .pfx certificate in SOAP cc - padding error!
I'm working on a rfc to soap scenario in PI 7.1, and I must connect PI to some external web services through https.
We must use a two-sided SSL connection (SSL-2), we received a .pfx certificate to achieve this.
SAP Basis installed the certificate in the (java)nwa. In the SOAP communication channel I can choose the installed certificate when I set the 'Configure Certificate Authentication'. Tried this, got the "error: iaik.security.ssl.SSLException: Padding length error: 106"
Other option tried is to set the 'Select security profile' and choose Web Services Security. Then in the receiver agreement I can set the certificate for the encryption and/or decryption. Various scenarios tried, not successful. We've seen that the pfx certificate contains two certificates (private and public one). But in the receiver agreement there is no choice between those two, we can only select the .pfx
We also added a user with transaction EXTID_DN. Still got the same error.
Does somebody have a suggestion what to do? Must we split the .pfx certificate in two separate files/certificates? Do we use the incorrect DN/CN in the EXTID_DN?
Hi,
What is your requirement ? The "2-sides" concept of SSL, what is it exactly ? Or does it simply mean that you're going to connect to a SSL target providing a SSL client certificate ?
Usually, you import the SSL target's CA chain (ie Verisign CAs, etc) into the NWA key store, provide the CA chain for your own SSL client certificate to the target and configure channels accordingly.
Rgds
Chris
-
Any Problems using SSL with Safari and the move with Internet explorer to require only TLS encryption.
Hi .
Apple no longer supports Safari for Windows if that's what you are asking > Apple apparently kills Windows PC support in Safari 6.0
Microsoft has not written IE for Safari for many years. -
I cannot log into iCloud using my Apple username and password. I keep getting an error message that states "CANNOT SIGN UP - The Apple ID is valid but is not an iCloud account." How do I fix this?
You are getting this message because you are attempting to create an iCloud account on a PC. You can only create iCloud account on an iOS device (iPhone, iPad or iPod Touch) running iOS 5 or higher, or on a Mac running OS X Lion (10.7.2) or higher. After creating your account on one of these devices you will then be able to sign into the account on your PC.
-
AIR, Https and invalid certificates
If you have a flex application and access it using https and the site certificate is invalid for some reason the browser gives a warning about the site and an option to continue to the site, if you choose to continue the application loads and runs as normal.
However if you make the same application as an AIR app then you get a warning message for every call made to the site. You can click continue but as soon as it makes another connection it will again present you with the warning message.
Simply to load, our application displayed over 200 warning messages, compared to 1 warning if running the same application in the browser.
Obviously in this situation the AIR application is not practicable.
Is there any workaround for this, we currently don't have an option to change the certificate.
I have a valid certificate but I got an error when I tried to make a connection using httpservice because I used "www" in the url.
I removed "www" and it works. https://domainname.com
Finally, I don't recommend using out of date or invalid certificates for corporate Air Apps.
regards.
Jhon Carrillo
@jhoncarrillo -
i used another USB cable and then also its showing error message as[ An unknown error occurred (0xE8000022)]
iPhone, iPad, iPod touch: Unknown error containing '0xE' when connecting
-
I use i-tunes on a Windows Network with pc's using Windows 7, Vista, and XP. After recent Apple updates the XP machine says i-tunes library created on a newer version of i-tunes and does not load. The Apple updater on the XP machine returns all software up to date. How do I get the XP machine to recognise the library?
For general library squiffiness following an upgrade or crash the easiest thing is to restore your last backup, but I guess if it were that simple you wouldn't be here.
Empty/corrupt library after upgrade/crash
Hopefully it's not been too long since you last upgraded iTunes, in fact if you get an empty/incomplete library immediately after upgrading then with the following steps you shouldn't lose a thing or need to do any further housekeeping. In the Previous iTunes Libraries folder should be a number of dated iTunes Library files. Take the most recent of these and copy it into the iTunes folder. Rename iTunes Library.itl as iTunes Library (Corrupt).itl and then rename the restored file as iTunes Library.itl. Start iTunes. Should all be good, bar any recent additions to or deletions from your library.
See iTunes Folder Watch for a tool to catch up with any changes since the backup file was created.
PS There is also a new iTunes build to download today, so might be worth getting that. A new iTunes should always load an older library file.
tt2 -
SSL between JNDI and AD - certificate chain
Hi,
I am trying to connect my active directory via SSL with the samples from the tutorial. Can anybody tell me, how I can export a certificate from AD (self-signed), so that I can import it with keytool? Or better, how to build that required certificate chain.
Thanks a lot
Falko Braun
If you are using AD as your Certificate Authority you can go to
http://servername/certserv
which is the web interface for certificates.
If you want the AD servers certificate, in the certificates snapin in MMC you can right click on the servers personal certificate -all tasks->export and export it.
Hope this helps.
G
-
please help cannot logon to my router.
how to install custom certificate with ssh?
This is happening when certificate give me error: "This certificate has an invalid digital signature."
Why not implement update with easy import of custom certificate?
I send many request to support but zero result.
If you google this problem you will see that only cisco goods have this problem and no one care about that according cisco support. why? I will never buy cisco product.
I try different browsers and they all have certificate notice alert.
New IE on win8 by default not allow to enter secure page with expire certificates.
I hope that cisco will make new firmware with functionality to add custom certificate pfx for example.
Cisco support lower encryption type. Every new windows increase cryptography that IE support by default. Look IE about to see type 64 or 128 or 256…
On xp will work good, but we are now in era of win 8 with IE that support by default 128 or 256 depending home or server version. -
Howto use on both macOSX and Windows XP?
The last ipod I owned could be plugged into the usb port of 'any' computer (well, any mac or pc)(that model was formatted for windows), but my latest 5G model asks to be reformatted if I try to run it with windows (this time I have formatted my ipod for mac) and thus can't be used with windows which is a pain because I own an imac that also runs windows and would like to simply use my ipod and add the odd song on windows too! Surely the 5g ipod isn't this inflexible?
Does anyone know any solutions? any advice appreciated
Joe
"i thought he was talking about music, because u cannot put music onto a windows formatted iPod on a Mac, I have tried."
You are mistaken and when you tried something else must have been wrong. I have had my 80GB iPod about 6 months or so now and it has always been formatted in Windows format and is exclusively used on my eMac running Mac OS 10.3.9.
As Chris already pointed out, Macs can read Windows formatted iPods and can certainly put songs on them. The roughly 7500 songs on my Dos formatted iPod put there by my Mac proves that.
Patrick -
AIR on Android can't connect using SSL
I'm trying to connect to a Java server using SSL, with a signed and trusted certificate, but keep getting InvalidCertificate error.
Everything is fine with the certificate, but the error happens when connecting through android AIR app.
Connection works fine when connecting without SSL, but that is not an option.
What may be wrong?
More info:
Renaming the cert8.db didn't change anything.
I get into these ILO interfaces fairly often and I can say that Firefox had a problem over a year ago (or so) where it would let you in once and then say (IIRC) Invalid Cookie on subsequent attempts. Maybe deleting the cert8.db would fix that. Anyway, an update fixed that issue.
I just tested with Firefox 17 and it worked fine. Here are screen shots and the .cer file I exported. This is from a different (virgin) server at .93
https://www.dropbox.com/l/gGYGz2myJnUu9uNoPwsYxd
(Hope this works -- I'm new to DropBox)
IE says:
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.
I didn't generate the certificate; they come pre-generated by HP. Anyway, I tried re-generating the certificate and I now get this error:
Secure Connection Failed
An error occurred during a connection to 10.1.20.91. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
I tried to attach the exported certificate, but I seem to only be allowed to upload graphical images.
IE Key Usage says: Certificate Signing, Off-line CRL Signing, CRL Signing (06) -
I am trying to invoke FinancialUtilService using HTTP proxy client. I am getting below error while I am trying to invoke this service. Using FusionServiceTester I am able to invoke service and upload file to UCM. Using oracle.ucm.fa_client_11.1.1.jar also I am able to upload file to UCM without any issue. But using HTTP proxy client I am facing below error. Can anyone please help me. PFA code I am using to invoke this service.
javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
Process exited with exit code 0.
Message was edited by: Oliver Steinmeier
Removed attachment
Hi Jani,
Thanks for your reply.
I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command.
keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
Invoking
SecurityPolicyFeature[] securityFeature =
new SecurityPolicyFeature[] { new
SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")};
financialUtilService_Service = new FinancialUtilService_Service();
FinancialUtilService financialUtilService= financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
// Get the request context to set the outgoing addressing properties
WSBindingProvider wsbp = (WSBindingProvider)financialUtilService;
WSEndpointReference replyTo =
new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
String uuid = "uuid:" + UUID.randomUUID();
wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY, "Welcome1");
wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS,"service");
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password" );
SEVERE: WSM-00057 The certificate, client, is not retrieved.
SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
SEVERE: WSM-00005 Error in sending the request.
SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:259)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
... 30 more
Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
... 32 more
SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
File upload failed
javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:259)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
... 19 more -
Hi,
I want to consume a Java Web service from Dotnet based client Application. The service requires one Certificate ("abc.PFX") for Two Way SSL purpose and another certificate ("xyz.pfx") for WS security purpose to be passed from client Application (Dotnet Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
Please suggest how to pass both the certs from client Application..
Hi,
This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
And for more information, you could refer to:
http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
Regards -
HTTPS using SOAP and sharing certificates
Hi Experts,
We have been able to activate HTTPS port in our PI system and created a scenario with SOAP sender with option -- >> HTTPS without client authentication.
Now, we generated the URL from sender agreement -- >> https:<host>:<port>:XISOAPAdapter/MessageServlet?........
When we try to test this from SOAPUI, an error message is received that - Client Certificate is required.
Now in NWA, under Security - >> SSL, we could find Private key and have uploaded the same in SOAPUI Keystore... But the error persists.
Just to emphasise we are just using self-generated certificate which is not signed by any CA.
Now questions or rather confusions:
1. If PI is hosting a service ( SOAP Sender ), exactly what kind of certificate should be exported and imported into SOAPUI or third party ? Private key PK8, PK12 or simply Certificate ?? Where exactly is the Public key ?
2. In case third party hosts the service and PI needs to consume it, I assume third party will share their certificates. Will they share public or private key ? Shall we simply upload it in our key store and it will work ?
3. In case PI and Third Party both are hosting the services so do we need 2 Set of certificates for scenarios to work ? ( One generated at each server ?)
I have read blogs, discussions but have seen varying opinions and hence wanted to clarify.
Thanks..
regards,
Omkar.
Please go through this link - HTTP and SSL - SAP NetWeaver Process Integration Security Guide - SAP Library
"A general prerequisite for using HTTPS in both SAP NetWeaver Application Server (AS) ABAP and Java is that the SAP Cryptographic Library is installed on the AS. In addition, the certificates (for example an X.509 certificate) used must have been issued by a company-internal Certification Authority (CA), or by an external trusted CA such as Thawte, Verisign, or TC Trustcenter." -
HTTP adapter, SSL and wildcard certificate
Hi,
I am developing a B2B integration solution using BizTalk Server. The protocol used to communicate with the partner’s server is HTTPS and so it uses SSL.
The certificate the partner is using to establish SSL connections is provided by GeoTrust but it is a wildcard certificate, issued to *.*.*.company.com
The server I am trying to contact to is on a domain of the form: a.b.c.company.com (which seems to match the wildcard).
When I try to open an HTTPS connection to the server (either through Internet Explorer, a .Net Windows Application or BizTalk), the connection cannot be established because the certificate is said to not be trusted. For example, Internet Explorer shows a pop-up message saying that:
- The certificate is issued from a valid CA
- The certificate date is valid
- The name of the certificate is NOT matching the name of the site. This means that the certificate is issued for a domain different than the one we are accessing. So it seems that the wildcard system is not working for this certificate? Is that possible if they acquire a wrong type of certificate by mistake? or is multipart wildcard certificate (*.*.*) not supported?
Anyway even if their certificate is not 100% valid, they refuse to change it as their other partners work with that and they won't change to a proper certificate just for us...
In .Net 2.0 code, it is easy to circumvent any certificate validation by setting the delegate ServicePointManager.ServerCertificateValidationCallback to a callback method with something like:
ServicePointManager.ServerCertificateValidationCallback = delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors) { return true; };
Nevertheless, I need to achieve this sort of circumvention with BizTalk Server 2006 and I would like to know if anyone ever did that.
I am aware that I can write my own custom HTTP Adapter but I need this urgently so I thought of asking this forum's community first. Maybe someone has a quicker way than writing a custom adapter such as some "hack" (registry keys, custom class... ) or knows of an existing custom adapter already doing the job.
Thanks in advance,
Best regards,
Francois Malgreve
The certificate needs to be installed as an explicitly trusted certificate in the store under the computer a/c on the BizTalk machine and then it'll work. Refer
https://thinkintegration.wordpress.com/2011/12/02/biztalk-https-adapter-and-certificate-configurations/ for the steps.
Regards. -
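Added example (not part of any post above, and not BizTalk or .NET code): a Python illustration of the single-label wildcard rule from RFC 6125, showing why `*.*.*.company.com` does not cover `a.b.c.company.com` and, for the AIR thread, why a certificate for `domainname.com` does not cover `www.domainname.com`. `accept_server` contrasts the blanket `return true` callback with an exception limited to one host and one pinned certificate. The function names, reason strings, certificate bytes and pin are constructed for illustration.

```python
import hashlib
import ipaddress


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def match_reason(pattern: str, hostname: str) -> str:
    """Compare one certificate dNSName with the requested host.

    Returns "match" or a short reason for the mismatch. Partial-label
    wildcards such as f*.example.com are rejected here, which is stricter
    than RFC 6125 allows and in line with current browser behaviour.
    """
    if _is_ip(hostname):
        return "ip-literal"  # dNSName entries never cover IP addresses
    # DNS names are case-insensitive; a trailing dot (root) is ignored.
    p = pattern.rstrip(".").lower().split(".")
    h = hostname.rstrip(".").lower().split(".")
    if "" in p or "" in h:
        return "malformed"
    if "*" not in pattern:
        return "match" if p == h else "different-name"
    # Only the whole left-most label may be a wildcard.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return "wildcard-not-single-leftmost-label"
    if len(p) < 3:
        return "wildcard-too-broad"  # e.g. *.com
    if len(p) != len(h):
        return "label-count-differs"  # '*' stands for exactly one label
    return "match" if p[1:] == h[1:] else "different-name"


def accept_server(hostname, dns_names, cert_der, chain_trusted, pins) -> bool:
    """Normal validation plus one narrowly scoped exception.

    Unlike a callback that always returns true, a name mismatch is tolerated
    only when this exact host is listed in `pins` and the presented
    certificate has the recorded SHA-256 fingerprint. An untrusted chain is
    never accepted.
    """
    if not chain_trusted:
        return False
    if any(match_reason(name, hostname) == "match" for name in dns_names):
        return True
    pinned = pins.get(hostname.rstrip(".").lower())
    return pinned is not None and hashlib.sha256(cert_der).hexdigest() == pinned


# Constructed sample data: stand-in bytes instead of a real DER certificate.
CERT_DER = b"constructed stand-in for the partner certificate's DER encoding"
PINS = {"a.b.c.company.com": hashlib.sha256(CERT_DER).hexdigest()}

if __name__ == "__main__":
    cases = [
        ("*.*.*.company.com", "a.b.c.company.com"),
        ("*.b.c.company.com", "a.b.c.company.com"),
        ("*.company.com", "a.b.c.company.com"),
        ("domainname.com", "www.domainname.com"),
    ]
    for pattern, host in cases:
        print(f"{pattern:22} {host:22} {match_reason(pattern, host)}")
    print(accept_server("a.b.c.company.com", ["*.*.*.company.com"],
                        CERT_DER, True, PINS))
```

With a pin like this, a replaced or reissued partner certificate fails closed until the pin is updated, whereas the blanket callback would keep accepting whatever the peer presents.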
Both http and https on struts in tomcat using SSL
I want to apply both http and https as needed, on a single web application on struts. My server is tomcat. I need a complete documentation. Someone help me please.
If you are terminating SSL on ACE then there is no way to do it with one policy because of ssl-proxy command. However it is possible to use same serverfarms with two VIP like this:
access-list ACL line 10 extended permit ip any any
rserver host TEST
ip address 20.20.2.11
inservice
serverfarm host TEST
rserver TEST
inservice
ssl-proxy service SSL_SERVER
key KEY12.PEM
cert CERT12.PEM
class-map match-any SSL
2 match virtual-address 10.10.2.101 tcp eq https
class-map match-any HTTP
2 match virtual-address 10.10.2.101 tcp eq http
policy-map type loadbalance first-match L7_POL
class class-default
serverfarm TEST
policy-map multi-match L7
class SSL
loadbalance vip inservice
loadbalance policy L7_POL
loadbalance vip icmp-reply
ssl-proxy server SSL_SERVER
class HTTP
loadbalance vip inservice
loadbalance policy L7_POL
loadbalance vip icmp-reply
interface vlan 210
ip address 10.10.2.1 255.255.255.0
service-policy input L7
access-group input ACL
no shutdown
interface vlan 220
ip address 20.20.2.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.90.15.1
However, if you are not doing SSL termination on ACE and you are just doing L4 load-balancing, you will most likely need to configure SSL stickiness, which again leads to having separate policies because of the sticky serverfarms which need separate loadbalance policy lines.