How to use SSL-2 (https) and .pfx certificate in SOAP cc - padding error!

I'm working on an RFC-to-SOAP scenario in PI 7.1, and I must connect PI to some external web services through HTTPS.
We must use a two-sided SSL connection (SSL-2); we received a .pfx certificate to achieve this.
SAP Basis installed the certificate in the (Java) NWA. In the SOAP communication channel I can choose the installed certificate when I set 'Configure Certificate Authentication'. I tried this and got the error "iaik.security.ssl.SSLException: Padding length error: 106".
The other option I tried is to set 'Select security profile' and choose Web Services Security. Then in the receiver agreement I can set the certificate for encryption and/or decryption. I tried various scenarios, none successful. We've seen that the .pfx certificate contains two certificates (a private and a public one), but in the receiver agreement there is no choice between those two; we can only select the .pfx.
We also added a user with transaction EXTID_DN. Still the same error.
Does somebody have a suggestion what to do? Must we split the .pfx certificate into two separate files/certificates? Do we use the incorrect DN/CN in EXTID_DN?

Hi,
What is your requirement? The "2-sided" concept of SSL, what is it exactly? Or does it simply mean that you're going to connect to an SSL target providing an SSL client certificate?
Usually, you import the SSL target's CA chain (i.e. Verisign CAs, etc.) into the NWA key store, provide the CA chain for your own SSL client certificate to the target and configure the channels accordingly.
Rgds
Chris
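To see what the .pfx actually carries, and to split it into the pieces the reply above talks about (the private key and client certificate that stay in your own key store, and the CA chain the SSL target needs), the following script dissects a PKCS#12 bundle with openssl. It is an added example, not part of the thread; it builds a throwaway CA and client certificate so it runs offline, and every name in it (demo-client.pfx, pi-client-demo, the password changeit) is constructed.

```shell
#!/bin/sh
# Added example: dissect a PKCS#12 (.pfx) bundle the way a two-way SSL setup
# needs it. Every name here (the CA, pi-client-demo, demo-client.pfx, the
# password "changeit") is constructed for the demo; no real system is touched.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Builds a throwaway issuing CA, a client key pair signed by it, and bundles
# key + client cert + CA cert into one .pfx, mimicking what was handed over
# in the thread. Prints the path of the bundle.
make_demo_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Issuing CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=pi-client-demo/O=Demo" \
        -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 2 \
        -out "$WORK/client.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$WORK/client.key" -in "$WORK/client.pem" \
        -certfile "$WORK/ca.pem" -name "pi-client" -passout pass:changeit \
        -out "$WORK/demo-client.pfx"
    echo "$WORK/demo-client.pfx"
}

# Splits a .pfx into the three parts the question is about:
#   <base>-key.pem    the private key; it never leaves your own key store
#   <base>-cert.pem   the client certificate (the "public" half)
#   <base>-chain.pem  the CA chain that issued it; this is the piece the
#                     SSL target needs in order to trust the client cert
split_pfx() {
    pfx="$1"; pass="$2"; base="${pfx%.pfx}"
    openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nocerts -nodes \
        -out "$base-key.pem"
    chmod 600 "$base-key.pem"
    openssl pkcs12 -in "$pfx" -passin "pass:$pass" -clcerts -nokeys \
        -out "$base-cert.pem"
    openssl pkcs12 -in "$pfx" -passin "pass:$pass" -cacerts -nokeys \
        -out "$base-chain.pem"
}

# SHA-256 of a DER public key read from stdin, so key and certificate can be
# compared without printing either of them.
pub_fingerprint() {
    openssl pkey -pubin -pubout -outform DER | openssl sha256 | awk '{print $NF}'
}

# Checks the split result: the private key must belong to the client cert,
# and the client cert must verify against the CA chain that came with it.
# Prints how many certificates the bundle carried; non-zero exit on failure.
check_split() {
    base="$1"
    key_fp=$(openssl pkey -in "$base-key.pem" -pubout | pub_fingerprint)
    cert_fp=$(openssl x509 -in "$base-cert.pem" -pubkey -noout | pub_fingerprint)
    if [ "$key_fp" != "$cert_fp" ]; then
        echo "private key does not match the client certificate" >&2
        return 1
    fi
    openssl verify -CAfile "$base-chain.pem" "$base-cert.pem" >/dev/null
    n=$(cat "$base-cert.pem" "$base-chain.pem" | grep -c 'BEGIN CERTIFICATE')
    echo "bundle holds $n certificates: 1 client certificate, $((n - 1)) CA certificate(s)"
}

# Subject DN of the client certificate in RFC 2253 form: the identity the
# target sees in the handshake and the DN any user mapping has to refer to.
client_dn() {
    openssl x509 -in "$1-cert.pem" -noout -subject -nameopt RFC2253 | sed 's/^subject=//'
}

# Run the whole walk-through with: sh split_pfx.sh demo
if [ "${1:-}" = "demo" ]; then
    PFX=$(make_demo_pfx)
    split_pfx "$PFX" changeit
    check_split "${PFX%.pfx}"
    echo "client DN: $(client_dn "${PFX%.pfx}")"
fi
```

Against a real bundle, call split_pfx on the .pfx you received and check_split on the result; if the chain file comes out empty, the bundle did not include the issuing CA and you have to obtain it separately.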

Similar Messages

  • Any Problems using SSL with Safari and the move with Internet explorer to require only TLS encryption.

    Hi.
    Apple no longer supports Safari for Windows if that's what you are asking >  Apple apparently kills Windows PC support in Safari 6.0
    Microsoft has not written IE for Safari for many years.

  • HT204053 I cannot log into iCloud using my Apple username and password.  I keep getting an error message that states "CANNOT SIGN UP - The Apple ID is valid but is not an iCloud account."  How do I fix this?

    You are getting this message because you are attempting to create an iCloud account on a PC.  You can only create iCloud account on an iOS device (iPhone, iPad or iPod Touch) running iOS 5 or higher, or on a Mac running OS X Lion (10.7.2) or higher.  After creating your account on one of these devices you will then be able to sign into the account on your PC.

  • AIR, Https and invalid certificates

    If you have a flex application and access it using https and the site certificate is invalid for some reason the browser gives a warning about the site and an option to continue to the site, if you choose to continue the application loads and runs as normal.
    However if you make the same application as an AIR app then you get a warning message for every call made to the site. You can click continue but as soon as it makes another connection it will again present you with the warning message.
    Simply to load, our application displayed over 200 warning messages, compared to 1 warning when running the same application in the browser.
    Obviously in this situation the AIR application is not practicable.
    Is there any workaround for this, we currently don't have an option to change the certificate.

    I have a valid certificate but I got an error when I tried to make a connection using httpservice because I used "www" in the url.
    I removed "www" and It works. https://domainname.com
    Finally, I don't recommend using out-of-date or invalid certificates for corporate AIR apps.
    Regards.
    Jhon Carrillo
    @jhoncarrillo

  • TS3221 using ipod touch 3g and trying to connect to itunes this error message appeared,An unknown error occurred (0xE8000022) any advice please?

    I used another USB cable and it still shows the error message [An unknown error occurred (0xE8000022)].

    iPhone, iPad, iPod touch: Unknown error containing '0xE' when connecting

  • I use i-tunes on Windows network using Windows 7, Vista, and XP. I now get an error on the XP machine the library was created on a newer version of I tunes, yet apple update on that machine say all up to date.

    I use iTunes on a Windows network with PCs using Windows 7, Vista, and XP. After recent Apple updates the XP machine says the iTunes library was created on a newer version of iTunes and does not load. The Apple updater on the XP machine returns all software up to date. How do I get the XP machine to recognise the library?

    For general library squiffiness following an upgrade or crash the easiest thing is to restore your last backup, but I guess if it were that simple you wouldn't be here.
    Empty/corrupt library after upgrade/crash
    Hopefully it's not been too long since you last upgraded iTunes; in fact, if you get an empty/incomplete library immediately after upgrading then with the following steps you shouldn't lose a thing or need to do any further housekeeping. In the Previous iTunes Libraries folder should be a number of dated iTunes Library files. Take the most recent of these and copy it into the iTunes folder. Rename iTunes Library.itl as iTunes Library (Corrupt).itl and then rename the restored file as iTunes Library.itl. Start iTunes. All should be good, bar any recent additions to or deletions from your library.
    See iTunes Folder Watch for a tool to catch up with any changes since the backup file was created.
    PS There is also a new iTunes build to download today, so might be worth getting that. A new iTunes should always load an older library file.
    tt2

  • SSL between JNDI and AD - certificate chain

    Hi,
    I am trying to connect my active directory via SSL with the samples from the tutorial. Can anybody tell me, how I can export a certificate from AD (self-signed), so that I can import it with keytool? Or better, how to build that required certificate chain.
    Thanks a lot
    Falko Braun

    If you are using AD as your Certificate Authority you can go to
    http://servername/certserv
    which is the web interface for certificates.
    If you want the AD servers certificate, in the certificates snapin in MMC you can right click on the servers personal certificate -all tasks->export and export it.
    Hope this helps.
    G

  • Linksys Routers not accessable via HTTPS and This certificate has an invalid digital signature.

    Please help, I cannot log on to my router.
    How do I install a custom certificate with SSH?
    This is happening when the certificate gives me the error: "This certificate has an invalid digital signature."
    Why not implement an update with easy import of a custom certificate?
    I sent many requests to support but with zero result.
    If you google this problem you will see that only Cisco goods have this problem and no one cares about that according to Cisco support. Why? I will never buy a Cisco product.

    I tried different browsers and they all show the certificate notice alert.
    The new IE on Win8 by default does not allow entering a secure page with expired certificates.
    I hope that Cisco will make new firmware with functionality to add a custom certificate, a .pfx for example.
    Cisco supports a lower encryption type. Every new Windows increases the cryptography that IE supports by default. Look at IE's About to see type 64 or 128 or 256…
    On XP it will work fine, but we are now in the era of Win 8 with an IE that supports by default 128 or 256 depending on the home or server version.

  • Howto use on both macOSX and Windows XP?

    The last iPod I owned could be plugged into the USB port of 'any' computer (well, any Mac or PC) (that model was formatted for Windows), but my latest 5G model asks to be reformatted if I try to run it with Windows (this time I have formatted my iPod for Mac) and thus can't be used with Windows, which is a pain because I own an iMac that also runs Windows and would like to simply use my iPod and add the odd song on Windows too! Surely the 5G iPod isn't this inflexible?
    Does anyone know any solutions? any advice appreciated
    Joe

    "i thought he was talking about music, because u cannot put music onto a windows formatted iPod on a Mac, I have tried."
    You are mistaken and when you tried something else must have been wrong. I have had my 80GB iPod about 6 months or so now and it has always been formatted in Windows format and is exclusively used on my eMac running Mac OS 10.3.9.
    As Chris already pointed out, Macs can read Windows-formatted iPods and can certainly put songs on them. The roughly 7500 songs on my DOS-formatted iPod put there by my Mac prove that.
    Patrick

  • AIR on Android can't connect using SSL

    I'm trying to connect to a Java server using SSL, with a signed and trusted certificate, but keep getting InvalidCertificate error.
    Everything is fine with the certificate, but the error happens when connecting through android AIR app.
    Connection works fine when connecting without SSL, but that is not an option.
    What may be wrong?

    More info:
    Renaming the cert8.db didn't change anything.
    I get into these ILO interfaces fairly often and I can say that Firefox had a problem over a year ago (or so) where it would let you in once and then say (IIRC) Invalid Cookie on subsequent attempts. Maybe deleting the cert8.db would fix that. Anyway, an update fixed that issue.
    I just tested with Firefox 17 and it worked fine. Here are screen shots and the .cer file I exported. This is from a different (virgin) server at .93
    https://www.dropbox.com/l/gGYGz2myJnUu9uNoPwsYxd
    (Hope this works -- I'm new to DropBox)
    IE says:
    The security certificate presented by this website was not issued by a trusted certificate authority.
    The security certificate presented by this website was issued for a different website's address.
    I didn't generate the certificate; they come pre-generated by HP. Anyway, I tried re-generating the certificate and I now get this error:
    Secure Connection Failed
    An error occurred during a connection to 10.1.20.91. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial)
    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
    I tried to attach the exported certificate, but I seem to only be allowed to upload graphical images.
    IE Key Usage says: Certificate Signing, Off-line CRL Signing, CRL Signing (06)

  • Javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header error while invoking FinancialUtilService using HTTP proxy client

    I am trying to invoke FinancialUtilService using an HTTP proxy client. I am getting the error below when I try to invoke this service. Using FusionServiceTester I am able to invoke the service and upload a file to UCM. Using oracle.ucm.fa_client_11.1.1.jar I am also able to upload a file to UCM without any issue. But using the HTTP proxy client I am facing the error below. Can anyone please help me? PFA the code I am using to invoke this service.
    javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
      at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
      at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
      at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
      at $Proxy43.uploadFileToUcm(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
      at $Proxy44.uploadFileToUcm(Unknown Source)
      at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
      at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
    Process exited with exit code 0.

    Hi Jani,
    Thanks for your reply.
    I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command. 
         keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
    Invoking
        // Attach the OWSM client policy (SAML token + message protection) to the port
        SecurityPolicyFeature[] securityFeature = new SecurityPolicyFeature[] {
            new SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy") };
        financialUtilService_Service = new FinancialUtilService_Service();
        FinancialUtilService financialUtilService =
            financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
        // Get the request context to set the outgoing addressing properties
        WSBindingProvider wsbp = (WSBindingProvider) financialUtilService;
        WSEndpointReference replyTo =
            new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
        String uuid = "uuid:" + UUID.randomUUID();
        wsbp.setOutboundHeaders(new StringHeader(WS_ADDR_VER.messageIDTag, uuid),
            replyTo.createHeader(WS_ADDR_VER.replyToTag));
        // Identity asserted in the outgoing SAML token
        wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
        wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY, "Welcome1");
        // Key store and aliases used for message protection:
        // "service" must hold the service's public certificate (encrypts the request),
        // "client" must hold the client's own key pair (signs the request, decrypts the response)
        wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS, "service");
        wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
        wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1");
        wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS");
        wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client");
        wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password");
        wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client");
        wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password");
    SEVERE: WSM-00057 The certificate, client, is not retrieved.
    SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
    SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
    SEVERE: WSM-00005 Error in sending the request.
    SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
    SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
    SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
    oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
      at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
      at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
      at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
      at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
      at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
      at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
      at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
      at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
      at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
      at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
      at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
      at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
      at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
      at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
      at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
      at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
      at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
      at com.sun.xml.ws.client.Stub.process(Stub.java:259)
      at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
      at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
      at $Proxy43.uploadFileToUcm(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
      at $Proxy44.uploadFileToUcm(Unknown Source)
      at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
      at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
    Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
      at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
      at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
      at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
      ... 30 more
    Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
      at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
      at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
      at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
      ... 32 more
    SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    File upload failed
    javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
      at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
      at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
      at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
      at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
      at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
      at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
      at com.sun.xml.ws.client.Stub.process(Stub.java:259)
      at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
      at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
      at $Proxy43.uploadFileToUcm(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
      at $Proxy44.uploadFileToUcm(Unknown Source)
      at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
      at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
    Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
      at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
      at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
      at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
      ... 19 more

  • How to Use a Certificate for Two Way SSL and another certificate for WS Security Header at Client Console Application(C# Dotnet)

    Hi,
    I want to consume a Java web service from a .NET based client application. The service requires one certificate ("abc.PFX") for two-way SSL and another certificate ("xyz.pfx") for WS-Security, both to be passed from the client application (.NET console based). I tried configuring the App.config of the client application to pass both certs but get an error that says:
    Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
    Please suggest how to pass both certs from the client application.

    Hi,
    This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
    And for more information, you could refer to:
    http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
    Regards

  • HTTPS using SOAP and sharing certificates

    Hi Experts,
    We have been able to activate HTTPS port in our PI system and created a scenario with SOAP sender with option -- >> HTTPS without client authentication.
    Now, we generated the URL from sender agreement -- >> https:<host>:<port>:XISOAPAdapter/MessageServlet?........
    When we try to test this from SOAPUI, an error message is received that - Client Certificate is required.
    Now in NWA, under Security - >> SSL, we could find Private key and have uploaded the same in SOAPUI Keystore... But the error persists.
    Just to emphasise, we are just using a self-generated certificate which is not signed by any CA.
    Now questions or rather confusions:
    1. If PI is hosting a service ( SOAP Sender ), exactly what kind of certificate should be exported and imported into SOAPUI or third party ? Private key PK8, PK12 or simply Certificate ?? Where exactly is the Public key ?
    2. In case third party hosts the service and PI needs to consume it, I assume third party will share their certificates. Will they share public or private key ? Shall we simply upload it in our key store and it will work ?
    3. In case PI and Third Party both are hosting the services so do we need 2 Set of certificates for scenarios to work ? ( One generated at each server ?)
    I have read blogs, discussions but have seen varying opinions and hence wanted to clarify.
    Thanks..
    regards,
    Omkar.

    Please go through this link - HTTP and SSL - SAP NetWeaver Process Integration Security Guide - SAP Library
    "A general prerequisite for using HTTPS in both SAP NetWeaver Application Server (AS) ABAP and Java is that the SAP Cryptographic Library is installed on the AS. In addition, the certificates (for example an X.509 certificate) used must have been issued by a company-internal Certification Authority (CA), or by an external trusted CA such as Thawte, Verisign, or TC Trustcenter."

  • HTTP adapter, SSL and wildcard certificate

    Hi,
    I am developing a B2B integration solution using BizTalk Server. The protocol used to communicate with the partner’s server is HTTPS and so it uses SSL.
    The certificate the partner is using to establish SSL connections is provided by GeoTrust but it is a wildcard certificate, issued to *.*.*.company.com
    The server I am trying to contact to is on a domain of the form: a.b.c.company.com (which seems to match the wildcard).
    When I try to open an HTTPS connection to the server (either through Internet Explorer, a .Net Windows Application or BizTalk), the connection cannot be established because the certificate is said to not be trusted. For example, Internet Explorer shows a pop-up message saying that:
    - The certificate is issued from a valid CA
    - The certificate date is valid
    - The name of the certificate is NOT matching the name of the site. This means that the certificate is issued for a domain different from the one we are accessing. So it seems that the wildcard system is not working for this certificate? Is that possible if they acquired the wrong type of certificate by mistake? Or is a multipart wildcard certificate (*.*.*) not supported?
    Anyway even if their certificate is not 100% valid, they refuse to change it as their other partners work with that and they won't change to a proper certificate just for us...
    In .Net 2.0 code, it is easy to circumvent any certificate validation by setting the delegate ServicePointManager.ServerCertificateValidationCallback to a callback method with something like:
    ServicePointManager.ServerCertificateValidationCallback = delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)  { return true; };
    Nevertheless, I need to achieve this sort of circumvention with BizTalk Server 2006 and I would like to know if anyone ever did that.
    I am aware that I can write my own custom HTTP adapter, but I need this urgently so I thought of asking this forum's community first. Maybe someone has a quicker way than writing a custom adapter, such as some "hack" (registry keys, custom class...), or knows of an existing custom adapter already doing the job.
    Thanks in advance,
    Best regards,
    Francois Malgreve

    The certificate needs to be installed as an explicitly trusted certificate in the store under the computer account on the BizTalk machine and then it'll work. Refer to
    https://thinkintegration.wordpress.com/2011/12/02/biztalk-https-adapter-and-certificate-configurations/ for the steps.
    Regards.

  • Both http and https on struts in tomcat using SSL

    I want to apply both http and https as needed on a single Struts web application. My server is Tomcat. I need complete documentation. Someone help me please.

    If you are terminating SSL on ACE then there is no way to do it with one policy because of ssl-proxy command. However it is possible to use same serverfarms with two VIP like this:
    access-list ACL line 10 extended permit ip any any
    rserver host TEST
      ip address 20.20.2.11
      inservice
    serverfarm host TEST
      rserver TEST
        inservice
    ssl-proxy service SSL_SERVER
      key KEY12.PEM
      cert CERT12.PEM
    class-map match-any SSL
      2 match virtual-address 10.10.2.101 tcp eq https
    class-map match-any HTTP
      2 match virtual-address 10.10.2.101 tcp eq http
    policy-map type loadbalance first-match L7_POL
       class class-default
         serverfarm TEST
    policy-map multi-match L7
      class SSL
        loadbalance vip inservice
        loadbalance policy L7_POL
        loadbalance vip icmp-reply
        ssl-proxy server SSL_SERVER
      class HTTP
        loadbalance vip inservice
        loadbalance policy L7_POL
        loadbalance vip icmp-reply
    interface vlan 210
       ip address 10.10.2.1 255.255.255.0
       service-policy input L7
       access-group input ACL
       no shutdown
    interface vlan 220
       ip address 20.20.2.1 255.255.255.0
       no shutdown
    ip route 0.0.0.0 0.0.0.0 10.90.15.1
    However, if you are not doing SSL termination on ACE and you are just doing L4 load-balancing, you will most likely need to configure SSL stickiness, which again leads to having separate policies because of the sticky serverfarms which need separate loadbalance policy lines.
