Http security/webservice security

Similar Messages

• How to stop HTTP Security warning message in transactional iview

  When I am trying to access ECC through transactional iview then I am getting HTTP security warning message i.e. This page contains both secure and nonsecure items. Do you want to display the nonsecure items?
  I think it is because portal is accessable using HTTPS protocol and when we access ECC then it uses HTTP Protocol.
  Pl help to resolve.

  Hi AshuGrover_in,
  First, welcome on SDN!
  > I think it is because portal is accessable using HTTPS protocol and when we access ECC then it uses HTTP Protocol.
  > Pl help to resolve.
  This might very well be the root cause of the issue, and if it is, you know the resolution - make all systems accessible via https.
  Anyhow, to examine the exact cause creating this message you could use tools like HttpWatch or something similar and record the client accesses to the server. If you originally have a GET to a https address, the first http request caused by the original request will throw this message.
  Theoretically, on client side, you can switch off this message: Search for "switch off http https warning" on google and you will get all possible instructions for the different clients. Anyhow, a clean landscape design with complete https connections is the aim you should have.
  Hope it helps
  Detlev
  PS: On SDN, if something helps, you might reward the answer, check it out.

• JAX-WS support https enabled WebServices

  Hi All,
  Can anyone confirm if JAX-WS WebServices support https enabled WebServices.If it supports can a link be given to generate the WebServices and invoke the secure WebServices from soapUI client.
  Thanks and Regards

  Yes, of course it supports https.
  If the web app listener the web service is deployed in is listening on https, then a client can send the request using https, and it will be handled that way.
  To learn more about it, go to [http://edocs.bea.com/wls/docs103/pdf.html] and read the books in the "Programming" section with titles starting with "WebLogic Web Services" (at the end of the Programming section).

• REG:http to webservice

  Hi ,
  Iam new to XI and had developed a http to webservice scenario.when I send the request through http adapter Ian getting the response as an error
  <SAP:Error><SAP:Category>XIAdapterFramework</SAP:Category><SAP:Code>MESSAGE.GENERAL</SAP:Code><SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: Connection refused: connect</SAP:AdditionalText></SAP:Error>
  Could any one help me out.
  Thanks & Regards,
  Gangadhar.S

  Hi Rao,
              One of the solution could be restart your Java Engine in the Transaction "SMICM"...
  And also test the host wether it is reachable or not in the transaction
  SM49----->Ping--
  >Additinal Parameters (give u r host name here and excute)
  Hope this wil solve u r problem
  Reward with points if helpful
  Regards
  Sai Ganesh

• Https With WebServices In NetWeaver

  hi,
  how to use https instead of http with webservices.
  regards
  Guru

  Hello:
  I just wanted to find out if there is a way directly to integrate Web Services with  BW's front end tools i.e. Bex/ Web, without loading the data in InfoCubes/ODS
  The Requirement is to extract and display data on Bex/Web, from a legacy system using Web services.
  Again we are not planning to load data  in the Info cubes or ODS.
  Any input will be highly appreciated.

• Can only connect to HTTPS (secure) sites and can't connect to HTTP sites

  In short I CAN ONLY connect to HTTPS sites, meaning secure.
  I've narrowed this down to an issue regrading my mac book pro and the wireless router.
  Router:
  - not sure of the make model
  - other computers CAN connect to this router and go online
  My Mac:
  - Mac Book Pro
  - OS X 10.6
  - I can connect to other wireless networks just fine
  - I can surf the web for about 10 minutes or so then it blocks ALL http traffic
  and i'm only allowed to https sites
  going to a http site results in a "page is taking to long to respond"
  please anything?

  The router is a Verizon MI424WR
  hope that helps, but i doubt it will...
  just to also clairfy http sites either go really slow then time out only never to come back, https are blazing fast

• Youtube (https)security certificate issue

  Hi
  I'm using latest firefox version with and recently I'm facing this strange issue ... everytime I try to visit youtube, to be specific, when not logged in on any google accounts .. I can visit http://www.youtube.com but when I try to login, in which case it redirects to https:// and It shows the following error(check image url):
  https://imageshack.com/i/ezbe0c53j
  And if I try to add exception, it shows this screen(check image url):
  https://imageshack.com/i/hj41802cj
  (PS: Couldn't find upload option here so I had to use otherimage hosts)
  Also I tried changing windows time, adding auto time sync from windows site and also tried changing profile, disabling add on and testing and also tried removing cache/cookies from both google.com and youtube.com and so far nothing worked ... I can't seem to access youtube while logged in (https)
  Also its only youtube, no other website shows this security certificate error!
  please provide a solution to this asap, thanks!

  When you click Add Exception, you get a Google error page instead of a pop-up dialog? Or are you saying that after you added the exception, YouTube's home page won't load. That's mildly suspicious...
  If you return to the Add Exception dialog and use the View button, how does the certificate compare with the attached screen shot?

• Flash & https: Security Warning

  Hi,
  We are implementing a small flash site.
  This flash site is placed on a secure server environment (HTTPS)
  when the site is launched it shows up a security warning message saying
  "This webpage contains content that will not be delivered using secure HTTPS connection, which could compromise security of the entire webpage."
  The site accessed elements like xmls/images/swf.
  We have used all the assets using relative path as they are present in the main folder where the index.html resides.
  Can you please guide me as how to resolve this issue and stop the popup coming.
  thanks,
  pravin g

  Hi,
  Thanks for your interest and extremly sorry for my late reply.
  Unfortunately I cannot share the URL.
  But we found that the problem was in the domain implemention side. Due to some confussion some files were kept on http server while some where on https.
  now that we moved evrything on https server it is working fine.
  Greetings,
  pravin g

• Trouble Connecting To *Certain* HTTPS (Secure) Sites

  I hope I get all the relevant info in here b/c, as will become apparent in a moment, it's a bear for me to get on here if I have to log in.
  The problems is this -- I can't get into *certain* secure sites.  I first noticed the problem a few weeks ago when I couldn't check out at Amazon, the log-in page would not come up.  Neither would any page on Amazon that is secure, i.e., requiring the entry of my password.  I can't even talk to customer service to tell them about the problem b/c I can't log in to ask my question!
  The problem has grown.  Most recently I couldn't get into Bank Of America, now I can't get into gmail.  The real kick is I couldn't get in HERE!!  (But I *can* get into my bank account, I *can* get into Chase and I *can* get into Citi, no problems.)
  The problem is occurring on both Safari and Firefox, so it's apparently not a browser issue.
  My ISP is Hughesnet, the satellite ISP.  I suspect it's a Hughes issue, but they have been no help and refuse to acknowledge the problem is theirs.
  Now, how did I get in here and why do I suspect Hughes?  Because I have a back-up dial-up ISP, Juno, and I got in here using Juno and have gotten into all of the other sites I just mentioned using Juno.  Only thing is, Juno takes eons.  I mean EONS.
  As I said, I suspect Hughes.  But, I thought I'd come here and seek help from you guys, I've received excellent and much appreciated help here in the past.  I'm hoping that I'm wrong, that it's not a Hughes problem, and that someone here can suggest a way I can correct w/e is wrong with my settings (if, in fact, it is my settings).
  Like I said, I Hope I got it all in.  I can easily come back to look at replies, but to log in to answer follow-up questions... LOL
  Thanks in advance for your help!

  I'm having this problem as well - and it is indeed very frustrating.  I think it started about two weeks ago (but I've been gone for 10 days during that period).  I couldn’t log in with my passwords to amazon.com, iTunes, or TD Bank.  All were https sites (but other https sites like apple.com worked – go figure)  It does seem to be a "site issue" with Hughes.
  I spent hours talking with senior AppleCare IT folks and Hughes tech support over the weekend. The Hughes person "escalated" my issue to "the highest advanced tech support" at Hughes, and I got a call back today. They said they are starting to hear from other customers, and their Engineers are working on it.  They don't know when it will be fixed.
  At least it does not appear to be a virus, which was my concern.  Hopefully Hughes will resolve this soon (but they are not exactly the best about customer service).  Still, I live in a rural area and the Hughes satellite is better than dial up.
  Hope this helps (at least you know one other person can relate!)

• Http secure-server on 887VA in bridge mode

                    I'm setting up an 887VA to bridge between vlan1 and the atm0 interface. For remote management and to access the https for web management on this device, can I pop one of the 4 fe interfaces into a different vlan to assign it an IP address?
  Not critical, but since you can't assign individual fe interfaces to the bridge group, it would be nice.
  TIA
  Jason

  HI Gilles,
  this is quite confusing as I learnt in a workshop with some Cisco SEs that the CSM is bridging all traffic which is not destined to a VIP if you do bridged mode. I agree with you that you realy need the predictor if you are running secure/routed mode.
  However Chi Wang (I hope that's your forename):
  In regards of your first question:
  I think nothing has to be done to get the reals directly the only thing which has to be ensured it that they are plugged in the correct vlan and reside in that vlan.
  In regards of your second question:
  Have you checked if the routing from the servers to the GW is done correctly (towards a gateway in the Layer3 subnett?)
  Btw are the servers connected in the server vlan?
  Have you done a ping from the MSFC towards the servers?
  have you done a traceroute from the servers to the destination you want to reach? Where does the traceroute stop?
  Some additional questions from my side:
  You set up the CSM in bridged-mode however the reals could be on a different LAyer3 hop? What's your topologiy maybe you can give us a hint of how you config looks like and what's the topology.
  Kind Regards,
  Joerg

• Switching between https secure zone to http domain

  Hi,
  I'd like to know what the best way to link back to a non secure zone http domain from a secure https (worldsecuresystems.com) domain. I've seen a few articles on this subject and tried a few different approaches, but nothing that I've read/tried seems to work completely. I've tried using the full path by adding {module_defaulturl} to links e.g. <a href="{module_defaulturl}/contact.html">Contact</a> and I've tried adding a content holder e.g.<a href='/{module_contentholder name="_Template - Default Domain Host"}/about.html'>About</a>, where the host/path is added to the content holder. I've also tried using the full path hardcoded. All three approaches work for navigating between/from https to http domains, so far so good.
  However, whereas this full path approach works to enable linking within the website, the links no longer work within the Visual Editor (ICE). It appears the ICE will not work with full path links. Does anyone know of a way around this, or know of a better approach to setting up links between https and http domains? I'm thinking of using javascript to add the full path to links when the page loads whilst on a secure domain so that the script doesn't run in the ICE. But is there a better/simpler way?
  Regards, Mark.

  Thanks for the suggestion although getting to the solution requires a subscription to their service. But your suggestion helps because they mention achieving what I want with jquery, so I assume that's the accepted way to go about it. I've already implemented a solution with jquery, I was just trying to see if there was another 'more native' BC way. Cheers

• Https / Security Question

  I made an applet which connects to an https server. I want to ensure that a rogue applet cannot call the servlet the same way my real applet can. If a rogue applet could get in, I would have to write additional code to perform login authentication before executing the remainder of the servlet.
  I was wondering if the login authentication is necessary or not because maybe the HttpsURLConnection is satisfactory enough to prevent unauthenticated calls???
  I have the following code demonstration below.
  APPLET
  import javax.net.ssl.HttpsURLConnection;
  import javax.net.ssl.SSLSession;
  import javax.net.ssl.HostnameVerifier;
  import java.net.URL;
  import java.net.HttpURLConnection;
  import java.io.ObjectOutputStream;
  import java.io.ObjectInputStream;
  import java.util.TreeMap;
  import java.util.Iterator;
  public class AppletTest {
     public final static void main( String[] args ) {
        try {
           final Object[] oArr = new Object[]{"paramForServletA", "paramForServletB"};
     //    final URL url = new URL( "http://localhost/servletPath/MyServlet" );
     //    final HttpURLConnection servletConnection = ( HttpURLConnection ) url.openConnection();
           final URL url = new URL( "https://mySite.com/servletPath/MyServlet" );
           final HttpsURLConnection servletConnection = ( HttpsURLConnection ) url.openConnection();
           servletConnection.setHostnameVerifier(
              new HostnameVerifier() {
                 public boolean verify( final String urlHost, final SSLSession ssls ) {
                   return true;
           servletConnection.setDoInput( true );
           servletConnection.setDoOutput( true );
           servletConnection.setUseCaches( false );
           servletConnection.setDefaultUseCaches( false );
           servletConnection.setRequestProperty( "Content-type", "application/octet-stream" );
           // Read the object to the servlet
           final ObjectOutputStream outputToServlet = new ObjectOutputStream( servletConnection.getOutputStream() );
           outputToServlet.writeObject( oArr );
           outputToServlet.flush();
           outputToServlet.close();
           // Read the input from the servlet.
           final ObjectInputStream inputFromServlet = new ObjectInputStream( servletConnection.getInputStream() );
           final Object result = inputFromServlet.readObject();
           inputFromServlet.close();
           System.out.println( "Data: " +(String)result );
        catch ( Exception e ) {
           System.out.println( "Could not establish Connection : " + e.toString() );
  }SERVLET
  public final class MyServlet extends HttpServlet {
     public void doPost( HttpServletRequest request, HttpServletResponse response ){
       ObjectInputStream inputFromApplet = new ObjectInputStream( request.getInputStream() );
       Object[] args = ( Object[] ) inputFromApplet.readObject();
       //etc...
       ObjectOutputStream outputToApplet = new ObjectOutputStream( response.getOutputStream() );
       outputToApplet.writeObject( data );
       outputToApplet.flush();
       outputToApplet.close();
  }If I call this with a HttpURLConnection I can see the data returned, which is bad since I may be a rogue applet. If I call it with an HttpsURLConnection I get the following message:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate foundIs the HttpsUrlConnection good enough, or should additional measures be taken?

  Authentication via HTTPS might involve putting a
  certificate on the client where your applet is
  running.Are you saying a signed applet? Or is this a
  completely different thing?Completely different thing. When you install SSL on your server, you get a certificate from Verisign or somebody else in the trust business, and the idea is that the certificate verifies to your client, via SSL, that your server is really your server and not some other pirate box pretending to be your server.
  Likewise you could install a certificate on your client. That certificate would then verify to you that your client was really your client and not some other pirate box. Client certificates aren't used much, because it's a hassle to create them and get them installed on your client, but they do exist.

• Safari 8 not displaying lock icon for https secured websites

  It seems that Safari 8 (installed with Yosemite) is not showing the lock icon for HTTPS websites.
  I can't find a way to see the security certificates for secure websites.
  I switched the “Show full website address” setting in Safari's Preferences, but nothing happened.
  It's essential having this icon, or any way to tell if the site is secure or not.
  I don't see any other option in the menus or anywhere else in Safari to see a sites certificates.

  I'm not sure if Safari was updated since your question, but today the lock icon is in the address bar right next to the address
  This forum page shows:
  Or, a non-Apple site, like google, just shows a grey lock like this:

• Https, secure browsing, certificates

  In Safari on the iTouch (2.1 software, and presumably the same as iPhone) I can connect to an https site. I can see the little lock icon in the address bar. But how do I know that the certificate has actually been checked and verified?
  In Safari on the Mac, if I click the equivalent lock icon, I can see the certificate. This doesn't work AFAICT on the touch, the lock icon seems to only be a display. I've been trained to check the certificate before trusting the website with passwords tied to money etc.
  I could believe that in this stripped-down version of Safari, they don't have the hooks to view the certificate, and maybe I will just get a warning if it can't be verified, or maybe there won't be a lock icon? But I haven't been able to find that documented anywhere. For all I know, this stripped-down Safari doesn't check certificates at all.
  Can anyone shed any light on this, and if you think you know, point me at some Apple documentation that makes this clear?
  I'd really like to use my touch to access eBay, etc., but not if I can't be sure I'm really on a secure page.

  DaVBMan wrote:
  Try this search out and see if you can find what you are looking for.
  http://www.google.com/search?source=ig&hl=en&rlz=&q=certificatesiphone+safarisite%3Asupport.apple.com%2Fkb
  Thanks, actually it does. Most of this is either Mac/Safari or Enterprise client-side certs I'd previously mentioned, but the first link,
  http://support.apple.com/kb/HT2351
  "About the security content of iPhone v2.0 and iPod touch v2.0"
  probably puts the question to rest.
  +CVE-ID: CVE-2008-1589+
  +Description: When Safari accesses a website that uses a self-signed or invalid certificate, it prompts the user to accept or reject the certificate. If the user presses the menu button while at the prompt, then on the next visit to the site, the certificate is accepted with no prompt. This may lead to the disclosure of sensitive information. This update addresses the issue through improved handling of certificates. ...+
  I think this statement of expected behavior, plus some of the information provided in the other thread I mentioned, pretty much makes clear that it works as expected to check certificates. I'm confident enough that I won't hesitate to access secure sites with my CC while traveling.
  I still maintain there's room for improvement in both the operation (display certificates) and documentation of Mobile Safari wrt https (a patch notification summary for now-obsolete versions of firmware is not how this important info should get communicated to users, IMO). But I won't beat this dead horse any further. My question is answered to my satisfaction.
  Thanks again to all.

• Do Mountain Lion and Safari 6.2.2 support SHA-256 Hash algorithms in HTTPS security certificates?

  I use SalesForce for my client CRM. I've just received a notice informing me that they are upgrading from SHA-1 hash to SHA-256 for increased HTTPS certificate security. Will my current OS X version (Mountain Lion) and Safari version (6.2.2) support this upgrade?

  NEVERMIND! SalesForce provided a test page and I was able to determine that both my Mac and Windows environments and browsers support the upgrade.