Http client------ XI (via HTTP with SSL),

hi forum,
we have a http client that sends a http erquest to XI, by using sap/xi/adapter_plain
service, i mean plain http adapter
but for scurity reasons i need HTTPS communication,
can u tell me how to enable HTTPS (HTTP with SSL) communiaction in the same scenario,
http client------>XI (via HTTP with SSL)

hi sudeep,
u need to create a comm ch of adapter type http n set the security level there.
refer this for help:
http://help.sap.com/saphelp_nw04/helpdata/en/14/80243b4a66ae0ce10000000a11402f/frameset.htm
[reward if helpful]
regards,
latika.

Similar Messages

Error in scenario "FILE to HTTP(with SSL)" - HTTP client code 110 reason.

Hi friends,
Our scenario is as follows:
We are trying to send XML file from our SAP-XI to external tool "COMMunix XC" (a multi-protocol EDI platform tool).
We have configured " FILE TO HTTP(with SSL)" scenario (trying to connect HTTPS/port)
1. We have created RFC destination of type G and refered the same RFC in Communication channel (Adapter type: HTTP)
2. We have send the SSL Server certificate to other party and ensure that they have imported at thier end.
3. We have included the certificates from other party in our SAP XI STRUST under SSL Client (Standard) node.
4. We have tried " CONNECTION TEST " in the RFC destination created in type G (in STEP 1) and it shows the GREEN TICK at bottom, no other message nor any error message
When we trigger the communication we recieve the error: HTTP client code 110 reason in SXMB_MONI.
Please let us know if we have missed out some step.
What does error message indicate,
Regards,
Rehan

Hi Rehan,
I see that the PROCTIMEOUT was already at a very high value.
Does this occur for messages of a particularly large size? If yes, you could increase the parameter
icm/HTTP/max_request_size_KB = 2097152
This would need to be done in the sender/receiver system as well as XI.
Otherwise you could try reproducing the issue and checking the dev_icm log in the work directory, or go to SMICM -> Goto -> Display trace file
check for errors like NIECONN_REFUSED or "no service for protocol HTTPS" which can often be related to this type of issue.
Kind regards,
Sarah

SOAP Sender with HTTP(with SSL)=HTTPS with Client Authentication config

Hi All,
I have a Web-service-XI-Proxy scenario where we use SOAP Sender Adapter with HTTPs. Double authentication (client- server) sertificate shall be used.
Testing simple HTTP and XI user name/password works fine.
Now I installed requred sertificates in TrustedCA and ssl-provider in VIsualadmin.
But i can't see how i can configure certificates in SOAP sender Adapter. I've just did SOAP receiver for another scenario and there I could give keystore entry.
I also doesn't know how to disable asking for name/password. I am using XI 7.0.
Please advise.
Thanks,
Nataliya

Hi Nataliya,
Go to SOAP Adapter> Inbound Security Checks-> HTTP Security Level--> Here you can specify option "HTTP with Client Authentication.
One more thing HTTP Security level option is always available in Sender Adapter.
For more clarity about HTTPS find below link.
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
To enable the TrustedCA in SOAP Sender adapter. Go SOAP Sender> Security Parameter> Security Profile--> Web Service
security. Then go to sender agreement there you need to give key store entry.

How to pass client IP address via CSS with SSL offload?

Hello,
We use Cisco CSS 11501S to do the SSL offload of web servers in one-armed mode. So we have to SNAT client IP in order to guaranty correct return path via the CSS. In this case web server can see only the IP address of the VIP used for SNAT. If there is a way to pass customer?s IP to the web server - i.e insert customized HTTP HEADER something like HTTP_REMOTEADDRESS:<IP address of the client> - similar to what is possible with BIG IP device for instance?
Second question if there is a way to get from the CSS access log data similar to what we have in Apache access.log file to be used by Webalizer or similar application to analyze web traffic.

Scott,
if you're not doing src nat, the css will spoof the client ip and therefore, there is no need to save the client ip in the http header.
Gilles.

Config Manager 2012 client upgrade (via package with batch commands)

Hello all,
I would like to kindly ask for your help with my question regarding a SCCM 2012 R2 client upgrade (from RTM to R2)
Recently, we have upgraded from RTM version of SCCM2012 to R2 (with the PXE hotfix applied)
During the process, I have choose not to upgrade clients when the SP1 was applied and go straight for the R2, which is not a problem I believe.
My question is regarding the pre-created packages, that are showing up in the console. I believe, that they are the easiest way to upgrade clients via packages in SCCM. (we can't push the installation due network policy)
This hotfix is stored here: \\"FQDN_site_server"\SMS_TSP\hotfix\KB2905002\Client\x64 (in case of x64 version, x86 is the same but x86 in the end)
The executed file from this path is this with this command following:
msiexec.exe /p configmgr2012ac-r2-kb2905002-x64.msp /L*v %TEMP%\configmgr2012ac-r2-kb2905002-x64.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous
Anyway, when we install the clients when we deploy it for the first on a machine, that has no client or we reinstall it, we do it with help of this batch command:
set curdir=%~dp0
%curdir%ccmsetup.exe SMSSITECODE=TSP /NoCRLCheck /UsePKIcert /forceinstall SMSMP=HTTPS://CML.LTSPRAGUE.CZ CCMHOSTNAME=CML.LTSPRAGUE.CZ
I just need to know, if I can use the prepared package from the console in our case and if it will keep the settings when the package is deployed.
I belive I have found a similar questin here on the forums:
http://social.technet.microsoft.com/Forums/en-US/c9b40687-1843-44c7-b61b-fd26d53ab90b/cumulative-update-3-and-agent-upgrade?forum=configmanagerdeployment
The second answer might the answer I'm looking for, but can you explain that to me like I'm five years old? :)
Please, let me know.
The IT guys from LukOIL

I'm not sure, because of my short time at the company, but there are historical security reasons for setting the push installation off.
Second reason are strict firewall rules used here. SCCM Agent may contact site server through HTTPS - that is a one way communication, so push installation isn't possible.
Don't mix "client push" and "automatic client update". See
http://blogs.technet.com/b/configmgr_geek_speak/archive/2013/09/09/using-configuration-manager-automatic-client-upgrade-to-upgrade-to-the-latest-system-center-endpoint-protection-client.aspx for further details. (And yes, the article talks about SCEP, but
it also tells details about the entire process)
Torsten Meringer | http://www.mssccmfaq.de
Thank you for the article and your, but I find it easier to deploy packages right now.
I have found out, that there is a folder named "ClientUpgrade" in ConfigMgr installation folder.
I used this and made a package out of it. Deployment went fine as well as the installation of the upgrade for the client, but there is a problem now, that I don't see any software in the "Software Center" in "Available Software" - and there should be, since
I have may SW pointed to me and the list was populated before I have done the upgrade to the new version.
This may be a simple problem, but I really don't know what's wrong.
The IT guys from LukOIL

Lync 2013 client deployment via SCCM with silent uninstall of Communicator / Live Meeting / Plugin

Hi
We are rolling out Lync 2013 across our org to many remote sites and are wondering the best approach for this.
We hope to leverage our SCCM, but so far we've only been installing Lync manually in our local test group.
I noticed that when installing Lync, it doesn't remove Communicator, Live Meeting, or the Live Meeting plugin for Outlook though.
Ideally, we would want to be able to push Lync 2013 client (standalone version, not Office 2013 Suite) via SCCM as well as uninstall Communicator 2007 R2, Live Meeting 2007 and Conferencing Add-in for Microsoft Office Outlook, all silently. Whether this
can be done while the user is logged in and using Outlook/Communicator, I am unsure (probably not), so doing this overnight with users logged off but machines on would probably work best.
Is there any documentation / guides from MS or other blog sites that have gone through this same process? From the searching I've done, it doesn't seem to be too common for a large deployment / jump from OCS 2007 to Lync 2013 on-premise.

Hi,
refer to this article it might help
http://social.technet.microsoft.com/Forums/lync/en-US/cf9ca58c-b9e8-465c-afb4-ed3992092f81/lync-2013-client-silent-installation
also did you try using Group Policy?
http://blogs.technet.com/b/mir/archive/2011/06/04/how-to-automate-lync-client-2010-deployment-in-multi-architect-environment-using-active-directory-group-policy.aspx
hope this help
If you find this helpful
please click "Vote as Helpful" if it answered your question please click "Mark as Answer"
Mostafa Eltohamy
Blog: http://Lyncdude.com Twitter:
LinkedIn:
XING:

Certificate Exception - applet client to java server with SSL

Hi,
I'm having some trouble getting SSL working and hope
someone can shed some light. I've been plowing through
these forums for a couple of days - seems lots of folks
have had this problem but I can't find a clear solution.
I've written a server in java. The client is an applet.
This is an internet app so I have no control over
configuring clients. I'm trying to prove SSL communication from the applet to my server. This is
commercial software so the customer would put their own
keys on the machine and resign the applet before deploying.
I've created a keystore with keytool. Then I self-
signed it. Then I signed my applet jarfile. I've even tried exporting the certificate and importing using the java plug-in control panel
(obviously not something I can do in the real world but
just wanted to see if that was it). I start up my server
and navigate to a web page to start the applet. For
development purposes, I'm doing this all on one machine. I'm running jdk 1.4.1_02. We're requiring the
Sun plug-in as our client java VM.
Once the client starts to connect, I get this error in
the plug-in console:
java.security.cert.CertificateException: Couldn't find trusted certificate
On my server, I get:
Wed May 14 16:27:46 EDT 2003 [EXCEPTION]: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
     at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
     at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
     at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
     at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
     at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
     at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
     at java.io.InputStreamReader.read(InputStreamReader.java:167)
     at java.io.BufferedReader.fill(BufferedReader.java:136)
     at java.io.BufferedReader.readLine(BufferedReader.java:299)
     at java.io.BufferedReader.readLine(BufferedReader.java:362)
     at com.pactolus.webBroker.psWebLegClientThread.run(psWebLegClientThread.java:130)
     at java.lang.Thread.run(Thread.java:536)
The client code is pretty simple:
SSLSocketFactory factory = (SSLSocketFactory)
    SSLSocketFactory.getDefault();
tcpSocket = (SSLSocket) factory.createSocket(addr,
                                             iPortNbr);
tcpSocket.setUseClientMode(true);
tcpSocket.startHandshake();followed by a thread kick-off which will listen on the
socket for incoming messages.
The server code is:
SSLContext sslCtxt = SSLContext.getInstance("SSL");
KeyManagerFactory kmf = KeyManagerFactory.getInstance
   ("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
char[] password = keyPassword.toCharArray();
ks.load(new FileInputStream(keyFile), password);
kmf.init(ks, password);
sslCtxt.init(kmf.getKeyManagers(), null, null);
SSLServerSocketFactory factory =
    sslCtxt.getServerSocketFactory();
secureTCPSocket = (SSLServerSocket)
    factory.createServerSocket(port);
secureTCPSocket.setNeedClientAuth(false);followed by a thread kick-off which will listen for
connections and spin-off other threads to manage each
client socket.
I'm pretty much at my wits end. As I said, seems lots of
folks have had this problem but I haven't yet seen a
firm answer.
If anyone can shed some light on this so I can get my
proof of conecept going, I would really appreciate it -and buy you a couple of beers!
Thanks,
Scott Johnson

Problem resolved! It was the certificate. I can get it working in a test scenario by using the test certs file
provided with the jdk on the client and server sides.
So, does this mean that I MUST use a certificate from
one of the known authorities as delivered with the JDK?
My applet will be used by internet clients. I'm requiring
the sun plug-in. Is it true there is no way to get
a certificate I've created to be presented to the client
so it can choose to add it to it's trusted authorities?
I am required to use, say, a Verisign certificate?
I can get my sample working but only if I place a
jssecacerts (a copy of the samplecacerts) where both the client and server can get at it. In the real world, I can't do that on the client.
Presumably the client will only have the cacerts that was delivered with the Sun plug-in. I'm restricted, then, to using a server key file signed with a certificate from
one of the providers found in the cacerts file? Or, can
I present to the client a certificate which it can
choose to accept as trusted and place in it's cacerts file? Any info would be appreciated - I've already
committed those duke bucks!
Scott
Hi,
I'm having some trouble getting SSL working and hope
someone can shed some light. I've been plowing
through
these forums for a couple of days - seems lots of
folks
have had this problem but I can't find a clear
solution.
I've written a server in java. The client is an
applet.
This is an internet app so I have no control over
configuring clients. I'm trying to prove SSL
communication from the applet to my server. This is
commercial software so the customer would put their
own
keys on the machine and resign the applet before
deploying.
I've created a keystore with keytool. Then I self-
signed it. Then I signed my applet jarfile. I've
even tried exporting the certificate and importing
using the java plug-in control panel
(obviously not something I can do in the real world
but
just wanted to see if that was it). I start up my
server
and navigate to a web page to start the applet. For
development purposes, I'm doing this all on one
machine. I'm running jdk 1.4.1_02. We're requiring
the
Sun plug-in as our client java VM.
Once the client starts to connect, I get this error
in
the plug-in console:
java.security.cert.CertificateException: Couldn't find
trusted certificate
On my server, I get:
Wed May 14 16:27:46 EDT 2003 [EXCEPTION]:
javax.net.ssl.SSLHandshakeException: Received fatal
alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal
alert: certificate_unknown
at
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Dasho
6275)
at
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(Dasho
6275)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA627
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA627
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA627
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA627
at
com.sun.net.ssl.internal.ssl.AppInputStream.read(Dasho
6275)
at
sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDec
der.java:406)
at
sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDeco
er.java:446)
at
sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at
java.io.InputStreamReader.read(InputStreamReader.java:
67)
at
java.io.BufferedReader.fill(BufferedReader.java:136)
at
java.io.BufferedReader.readLine(BufferedReader.java:29
at
java.io.BufferedReader.readLine(BufferedReader.java:36
at
com.pactolus.webBroker.psWebLegClientThread.run(psWebL
gClientThread.java:130)
     at java.lang.Thread.run(Thread.java:536)
The client code is pretty simple:
SSLSocketFactory factory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
tcpSocket = (SSLSocket) factory.createSocket(addr,
iPortNbr);
tcpSocket.setUseClientMode(true);
tcpSocket.startHandshake();followed by a thread kick-off which will listen on
the
socket for incoming messages.
The server code is:
SSLContext sslCtxt = SSLContext.getInstance("SSL");
KeyManagerFactory kmf = KeyManagerFactory.getInstance
("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
char[] password = keyPassword.toCharArray();
ks.load(new FileInputStream(keyFile), password);
kmf.init(ks, password);
sslCtxt.init(kmf.getKeyManagers(), null, null);
SSLServerSocketFactory factory =
sslCtxt.getServerSocketFactory();
secureTCPSocket = (SSLServerSocket)
factory.createServerSocket(port);
secureTCPSocket.setNeedClientAuth(false);followed by a thread kick-off which will listen for
connections and spin-off other threads to manage each
client socket.
I'm pretty much at my wits end. As I said, seems lots
of
folks have had this problem but I haven't yet seen a
firm answer.
If anyone can shed some light on this so I can get my
proof of conecept going, I would really appreciate it
-and buy you a couple of beers!
Thanks,
Scott Johnson

HTTPS with SOAP adapter

Hi
Can someone clarify something for me:
HTTP with SSL without client authentication -> Is the information still encrypted the same way as with certificates? Do I need to set up something on the SAP/XI side when not using certificates?
If information still is encrypted, why are we using HTTPS with client authentication (certificates). What is the advantage of using certificates compared to user authentication?
Thanks. Your're the best!
regards Marianne

Hi,
HTTP with SSL without client authentication -> Is the information still encrypted the same way as with certificates? Do I need to set up something on the SAP/XI side when not using certificates?
-->Encryption is differnt from Certificates, Encryption is done to the data that we are passing and Certificates are used for authentication to particular server,so there is no point that information will be encrypted while using certificates. so even we use certifacates we need to encrypt the data.
If information still is encrypted, why are we using HTTPS with client authentication (certificates).
-->we use HTTPS/SOAP for secure data transfer, client authentication is same for HTTP,HTTPS or SOAP.
What is the advantage of using certificates compared to user authentication?
--->Traditionally, users receive access to resources from an application or system based on their user name and password. You can further augment system security by using digital certificates (instead of user names and passwords) to authenticate and authorize sessions between many server applications and users. Also, you can use Digital Certificate Manager (DCM) to associate a user's certificate with that user's iSeries user profile. The certificate then has the same authorizations and permissions as the associated profile.
A digital certificate acts as an electronic credential and verifies that the person presenting it is truly who she claims to be. In this respect, a certificate is similar to a passport. Both establish an individual's identity, contain a unique number for identification purposes, and have a recognizable issuing authority that verifies the credential as authentic. In the case of a certificate, a Certificate Authority (CA) functions as the trusted, third party that issues the certificate and verifies it as an authentic credential.
For authentication purposes, certificates make use of a public key and a related private key. The issuing CA binds these keys, along with other information about the certificate owner, to the certificate itself for identification purposes.
Regards,
Chirumamilla.sukarna

ICal managed client with SSL

Hi folks,
I already crawled the forum, inet and other sources but I still got no solution nor feasible workaround for a managed client to use iCal with SSL.
My mac mini is on SL server 10.6.7 and I configure iCal in server admin to use SSL on port 8443 with a self-signed certificate.
For address book this approach is working fine unfortunately it doesn't help with iCal.
My managed client is setup after binding to the server with address book on SSL and iCal without SSL on port 8008.
What the heck do I need to configure in order to get my managed clients setup automatically to iCal SSL?
Please help me. I'm really desperate.
Thanks,
Manolo

Can someone provide me with a hint?
Always if I connect my network account to the SL server iCal is setup to use http on port 8008.
thanks

Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

Hello All,
We are currently building up a HTTPS message exchange with an external client.
Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
Now we have to configure the addtional Client Authentication.
At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
But what are the next steps to get this scenario successfully in place?
Many thanks in advance!
Jochen

Hi Colleagues,
following Steps still have to be done:
- Mapping public key to technical user at Java Stack
As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
- Be sure CA root certivicate at Database under STRUSTSSO2
- Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
- use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
Many thanks to all for support!
Regards,
Jochen

HTTPS With Client Authentication

Hi,
I've created a simple Web Service in PI 7.11 SP 4 when trying to connect to the Web Service from Soap UI I get the following error:
java.security.AccessControlException: client certificate required
In the the transaction scim the following can be seen:
[Thr 5061] <<- SapSSLSessionInit()==SAP_O_K
[Thr 5061]      in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)"
[Thr 5061]     out: sssl_hdl = 1117534b0
[Thr 5061] <<- SapSSLSetSessionCredHdl(sssl_hdl=1117534b0)==SAP_O_K
[Thr 5061]      in: sssl_hdl = 1117534b0
[Thr 5061]      in: cred_hdl = 116cfc110
[Thr 5061] NiIBlockMode: set blockmode for hdl 271 TRUE
[Thr 5061]   SSL NI-sock: local=XX.XX.XX.XX:50001 peer=XX.XX.XX.XX:2310
[Thr 5061] <<- SapSSLSetNiHdl(sssl_hdl=1117534b0, ni_hdl=271)==SAP_O_K
[Thr 5061] <<- SapSSLSessionStart(sssl_hdl=1117534b0)==SAP_O_K
[Thr 5061]          status = "resumed SSL session, NO client cert"
The fault is not at the Soap UI end as I've fired the request at a Tomcat server and confirmed that a certificate is sent when requested.
Sender Communication Channel,
Transport Protocol: HTTP,
Message Protocol: Soap 1.1,
Adapter Engine: Central Adepter Engine,
HTTPS with Client Authentication,
Keep Headers
Any ideas?
Kind regards,
John

Hi Peter,
If memory serves we did not find a solution to this problem. I think, and a quick check of the configuration suggests I'm right, that we're handling the HTTPS connection on an IIS box and passing it through to a non encrypted HTTP sender on PI.
It may be that Soap UI is not configured correctly, however when I was getting the 'client certificate required', as mentioned in the original post, I'd confirmed that soap UI was correctly configured by connecting to an alternative Web Service. I also used Wireshark to see whether or not a certificate was being requested, or sent. It's invaluable if you're using Soap UI.
All the best,
John

Does Flex HttpService support https with client authentication

Hi,
We have a set of backend services available over https with client auth (cert based). We need to use mxml HttpService to access these backend services. Does HttpService support ssl with client auth?
Another question is, for Https does flex share the browser keystore and certstore or uses its own?
Thanks,
Debashis

Yes , a flex HTTPService can access services on https://. But if I remember correctly , to use an https:// service , the swf has to be served on an https. Example ,
Served from https:// ... --> Can access https:// ...
Served from https:// ... --> Can acess https:// ...
Served from https:// ... --> CANNOT access https:// ...
Served from https:// ... --> CANNOT access https:// ...
Since Flex has the browser do the connecting , the browser handles the keystore stuff , not Flex. I think.

WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

Hi,
I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http.
When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl.
What change should I make so that WSDL url will have https instead of http ?
This is service side configuration.
<system.serviceModel>
<services>
<service name="Service.IService">
<endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
</service>
</services>
<bindings>
<basicHttpBinding />
</bindings>
<client />
<behaviors>
<serviceBehaviors>
<behavior>
<serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks in advance !!

Hi,
For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
<behaviors>
<serviceBehaviors>
<behavior
name="MyServiceTypeBehaviors"
>
<serviceMetadata
httpGetEnabled="true"
/>
</behavior>
</serviceBehaviors>
</behaviors>
For more information, you could refer to:
http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
Regards

CSM HTTP Redirect with SSL

Problem we are having:
A client opens an HTTPS connection to a CSM with SSL offload to SSL module. The decrypted clear HTTP request hits the IIS server and is redirected (301).
The client gets an HTTP redirect and not an HTTPS redirect.
The reason for the 301 redirect is the IIS server does not have a physical resource but rather a virtual directory so it issues a 301 and adds a /. eg https://www.cisco.com/tech is redirected to https://www.cisco.com/tech/ in a working situation.

look for the urlrewrite command in order to change HTTP into HTTPS.
Regards,
Gilles.

Crystal Reports export and print fails with SSL / https but works with http

Windows 2008 Server, 32-bit (IIS7)
ASP.NET 2.0
Ajax 1.0
Crystal Reports version 10.5.3700.0
http: printing works, export works
https: printing not working, only export to MS Excel and MS Word work.
I am able to generate reports using both http and https, and the toolbar icons are all showing. However, I am unable to print or export properly with SSL.
Printing prompts me with a select printer window, and then a window 'Retrieving Page 1' follow by two messages from Crystal Print Control both stating:
A communication error occured. Printing will be stopped.
Exporting generates various errors depending on which export method is being selected (however Excel and Word work over https).
I've found the same problem on this site and other forums, but never a resolution to get exporting and printing to work with SSL. Will someone please provide me assistance or possibly relay what settings they're using if they have Crystal Reports export or printing working over SSL in IIS7? Everything works fine when I change the address from https to http.
Please let me know if I can help by providing further information. We've gone through a great deal of possible solutions with code and I'm currently looking in to IIS settings again.
Thank you.

Thanks Ludek. I got it by searching KB number.
Unfortunately, it didn’t fix my problem even my IE (IE8 and IE 9) has correct setting. I double check my version. PrintControl.CAB is version 10.2.0.1146. we use VS 2005 Crystal report and VB .NET. It works fine on HTTP. But when we use HTTPS (SSL Certificate from go daddy).
1: Crystal report export
            Export to MS Excel, Word: pop us “File download”, then click “Save”. It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
            Export to RPt, Rich text format: It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
            Export to PDF : nothing happened.
2: Print:
            Pop up dialog to select printer, click “Print” “. Shows windows “Crystal Report Viewer” and pop us error message box. Title is “Crystal Print Control”. Message is “An communication error occurred. Printing will be stopped”. Click “OK” and pop up error message box again.
Please advise.
Thank you very much!

Http client------ XI (via HTTP with SSL),

Similar Messages

Maybe you are looking for