IPSEC/SSL Connections

I have a ASA 5510, we have both IPSEC and SSL setup on it, the users authenticate to a radius box. We would like to find out if there is a way to block users from using the IPSEC client (except for a certain few) and make everyone else use the SSL which then does a host checker and make sure they are clean before coming inside. Can this be done?
Thanks for the info

Steve,
This is possible - you need to look into the "Cisco Secure Desktop" which will allow you to "check" the machines connecting and based on the results, what they can have access to!
See the below link:-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008072aa6c.shtml
HTH>

Similar Messages

  • Dual Monitors functionality with SSL connections?

    Hi, I'm configuring a new ASA5510 w/ SSL licensing and a coworker asked me some questions on functionality of remote access. I'm new to the ASA device and have never configured one before.
    Both of these questions are assuming the user is at home and using their personal computer (not a laptop or work computer). If a user successfully creates a SSL connection, I understand it's basically like a remote desktop session to that particular user's desktop.
    Q1: If the work computer is running dual LCD screens, are there any remote desktop options that will allow the home user to do the same or even to switch? Can those settings be saved as if it was a profile?
    Q2: Same situation only the home user would like to print to his personal printer at home.
    Thanks

    Thanks for the responses Farrukh. I'm reading the config example now.
    I'm trying to visualize the step by step process the end user would go through in order to remotely connect.
    With my previous employer, I've used and I'm most familiar with using the ipsec VPN Client. Now, with my new employer I'm tasked with setting up a remote access solution using SSL.
    The new company uses a Sonicwall solution that works like this:
    1. https://vpngateway
    2. user authentication with AD login
    3. CompanyName Virtual Office
    4. there is a pre-configured bookmark (remote access) for only that particular end user's desktop (forces static ip address)
    5. WinXP login prompt
    6. connection completed to end user's desktop with the normal group policies applied
    I've never seen/used a remote access solution like this and was wondering if Cisco's clientless SSL works the same.

  • Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

    when Update to 10.7.2 ,I cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.
    OS:10.7.2
    Macbook Pro 2010-mid 13inch

    I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
    Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
    I'm also using a Macbook Pro 13-inch mid 2010.

  • Weird internet problem / ssl connection error, site loads in safari not in firefox or other way around

    I really can't figure out this problem. Search the internet tried all kinds of things, nothing help so far.
    I have a Macbook Pro (Lion originally installed) running on Mavericks (all latest updates). SSD installed and the DVD tray is replaced by the original HDD.
    The laptop wasn't running very smooth anymore so decided to give it a fresh Mavericks install (even though I know it's not really necessary for mac, it helped, everything is much faster except a weird internet problem came up).
    After freshly installing Mavericks I couldn't get into my google account anymore, just wouldn't load. Tried Safari (use this normally) and Firefox and Chrome, this last was gave a SSL connection error, both Safari and FF said the website couldn't be loaded because the server didn't respond. For Gmail I use Mailplane which is just stuck on a white page. I tried repairing the keychain, repaired disk and disk permissions, cleaned browsers, turned off firewall and antivirus (Shopos) started in safe mode, checked time settings which were all good. Nothing of this helped. I even ended up creating a usb bootdisk for Mavericks, formatted the disk and reinstalled from the start just Mavericks and nothing else, started Safari, still the same problem. As even this didn't help I figured it's not worth reinstalling all software so put back my backup.
    Now I ended up somehow only being able to use Gmail normally in Firefox, Chrome still gives SSL error and Safari can load the inbox, but I can't open any messages. I get the error there is a problem with the connection. If I try in Basic HTML mode it surprisingly does work.
    You would say, just use Firefox, finished...but the thing is that sometimes random websites won't load in Firefox, when I load the same site in Safari it works perfectly.
    O yes, I also tried the connect to my iPhone and use the Cellular data network, then it's no problem using Gmail in Safari normally. You would say it's a router problem, but I have another Macbook Pro (just one model later running Mountain Lion) this one works perfectly with every browser. Also my iPhone does everyting logged into the WiFi network.
    You can understand I really have no clue what's going on here, I don't see any logic. I can only think of a hardware problem in my Macbook, but don't see how that could cause these problems.
    I hope someone is ably to help me ?

    Please read this whole message before doing anything.
    This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
    Step 1
    The purpose of this step is to determine whether the problem is localized to your user account.
    Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
    While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
    Test while logged in as Guest. Same problem?
    After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
    *Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
    Step 2
    The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
    Please take this step regardless of the results of Step 1.
    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
    Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
    Test while in safe mode. Same problem?
    After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2.

  • SSL Connection Configuration between Apache and Weblogic 8,1

    I'm currently using Apache web server as a front end server for Weblogic server 8.1 and now i' facing some configuration problem to setting up the SSL connection between this 2 server. When i open my web application page, it shows
    Failure of Server Apache bridge
    No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
    and my proxy.log shows:
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
    Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
    Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
    Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
    Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
    Thu Nov 03 09:36:41 2011 <182413202842013> attempt #0 out of a max of 5
    Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
    Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
    Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
    Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
    Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
    Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
    Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
    Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
    Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
    Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
    Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
    Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
    Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
    Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
    Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 790 of ../nsapi/URL.cpp]: at line 3078
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Can anyone tell me what should i do in order to correct this error? Your help is kindly appreciate!!! Please~

    1) Is the managed server up?
    2) from apache server are you able to bind the managed server port?
    3) can you pls send the weblogic ssl configuration?

  • How to use a key file in the FTP Task using and SSL connection

    In the past I have used this code to set the FTP pass word in an FTP component task in SSIS.
    Does anyone know how to use a Key file in an SSL connection to download a file from an FTP site?  If not can you tell me where I can get the C# code examples to learn how to create a script task or if there is another way in SSIS to download large files
    from an SSL FTP site?  Thank you for any help offered.
    public void Main()
    ConnectionManager FTPConn;
    FTPConn = Dts.Connections["FTPServer"];
    FTPConn.Properties["ServerPassword"].SetValue(FTPConn, Dts.Variables["FTPPassword"].Value);
    Dts.TaskResult = (int)ScriptResults.Success;
    Antonio

    You can use SFTP for this.
    This is a way of implementing SFTP in SSIS using standard tasks 
    http://visakhm.blogspot.in/2012/12/implementing-dynamic-secure-ftp-process.html
    also see
    http://blog.goanywheremft.com/2011/10/20/sftp-ftps-secure-ftp-transfers/
    Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

  • SSL: Connection reset by peer ; Failed to enable crypto error while calling the report using bing API with SOAP client

    Hi,
    I am trying to fetch report using bing API and making a SOAP call for fetching the data. I get the following error:
    [Warning] fopen(): SSL: Connection reset by peer [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
    02-04-2015 10:17:41 (BST) : [Warning] fopen(): Failed to enable crypto [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
    02-04-2015 10:17:41 (BST) : [Warning] fopen(https://download.api.bingads.microsoft.com/ReportDownload/Download.aspx?q=rzr63XFt5qJduddohoIRyOYAP%2f1%2ftsnhk8L%2bzBmUpdU2CQlcUB98RpY%2bbOaLFFGMqAC4IUUadC%2fNdNnJqeVCY%2f%2bpy6noVsVA%2fMJp47a3Xb1VjABfKhcdKy6vqpgEdcQg%2fQZ7QcEpZ3bEloJjUtGpDquFk53BnkeHEPVWZkDYcsQegRz%2fpG4t4w6gKCCRmhArd6osr6ZU9CMJ3lbxtGXjcQEMPvP2apNyr9P%2fc8niyfWA2aBcm1aEmOLX2KL3aRJ4rz9N7gG7uBslVZH%2b4rUjHdB7CMkbb%2fHyHwvPTqGPbPCHnicefr%2b%2fDP70hlkBEGfyOOswK67%2bl1zh7CyIv%2bcMlaDsuDX1HeFf4uORfD41H1z7):
    failed to open stream: operation failed [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
    Whenever I execute my script. Can you please let me know what we can do to solve this issue. The version of PHP we are using is 5.3.3 with open ssl. 

    Hi Shobha,
    I can't confirm what version of PHP you are using, but to err on the side of caution please use the version specified in the sample/SDK:
    PHP 5.4.14 has been installed from PHP.
    Here is our code examples:
    https://msdn.microsoft.com/en-US/library/bing-ads-overview-getting-started-php-with-web-services.aspx
    Thanks,
    Itai

  • I am getting the following error using SQL Plus on Windows "ORA-28865: SSL connection closed"

    I have set up my certificates on client and server and have tested the port using TCP and works fine.  TCPS fails with ORA-28865.  I have attached my trace file which was using level 10
    Please any assistance is appreciated
    (5888) [11-APR-2015 09:36:28:365] nsnainit: NS Connection version: 315
    (5888) [11-APR-2015 09:36:28:365] nsnainit: inf->nsinfflg[0]: 0x41 inf->nsinfflg[1]: 0x41
    (5888) [11-APR-2015 09:36:28:365] nsnainit: "or" info flags: 0x41 Translations follow:
      native service(s) is (are) wanted
    (5888) [11-APR-2015 09:36:28:365] nsnainit: "or" info flags: 0x41 Translations follow:
      native service(s) is (are) wanted
    "and" info flags: 0x41 Translations follow:
      native service(s) is (are) wanted
    (5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
    (5888) [11-APR-2015 09:36:28:365] nsopen: global context check-in (to slot 0) complete
    (5888) [11-APR-2015 09:36:28:365] nsopen: lcl[0]=0xf4ffefff, lcl[1]=0x102000, gbl[0]=0xfabf, gbl[1]=0x1, tdu=2097152, sdu=8192
    (5888) [11-APR-2015 09:36:28:365] nsfull_opn: cid=0, opcode=65, *bl=0, *what=0, uflgs=0x0, cflgs=0x0
    (5888) [11-APR-2015 09:36:28:365] nsfull_opn: nsctx: state=7, flg=0x4001, mvd=0
    (5888) [11-APR-2015 09:36:28:365] nsmal: 168 bytes at 0x214d1a0
    (5888) [11-APR-2015 09:36:28:365] nsmal: 168 bytes at 0x214dbf0
    (5888) [11-APR-2015 09:36:28:365] nsmfr: 239 bytes at 0x20e53a0
    (5888) [11-APR-2015 09:36:28:365] nsdo: cid=0, opcode=67, *bl=238, *what=8, uflgs=0x0, cflgs=0x3
    (5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
    (5888) [11-APR-2015 09:36:28:365] nsdo: rank=64, nsctxrnk=0
    (5888) [11-APR-2015 09:36:28:365] nsdo: nsctx: state=14, flg=0x4005, mvd=0
    (5888) [11-APR-2015 09:36:28:365] nsdo: gtn=10, gtc=10, ptn=10, ptc=8111
    (5888) [11-APR-2015 09:36:28:365] nscon: doing connect handshake...
    (5888) [11-APR-2015 09:36:28:365] nscon: sending NSPTCN packet
    (5888) [11-APR-2015 09:36:28:365] nspsend: plen=70, type=1
    (5888) [11-APR-2015 09:36:28:365] ntzwrite: entry
    (5888) [11-APR-2015 09:36:28:365] nzos_Write: entry
    (5888) [11-APR-2015 09:36:28:365] nttwr: entry
    (5888) [11-APR-2015 09:36:28:365] nttwr: socket 560 had bytes written=99
    (5888) [11-APR-2015 09:36:28:365] nttwr: exit
    (5888) [11-APR-2015 09:36:28:365] nzos_Write: exit
    (5888) [11-APR-2015 09:36:28:365] ntzwrite: exit
    (5888) [11-APR-2015 09:36:28:365] nspsend: 70 bytes to transport
    (5888) [11-APR-2015 09:36:28:365] nscon: sending 238 bytes connect data
    (5888) [11-APR-2015 09:36:28:365] nsdo: cid=0, opcode=67, *bl=238, *what=1, uflgs=0x4002, cflgs=0x0
    (5888) [11-APR-2015 09:36:28:365] nsdo: nsctx: state=2, flg=0x4005, mvd=0
    (5888) [11-APR-2015 09:36:28:365] nsdo: gtn=10, gtc=10, ptn=10, ptc=431
    (5888) [11-APR-2015 09:36:28:365] nsdo: 238 bytes to NS buffer
    (5888) [11-APR-2015 09:36:28:365] nsdofls: DATA flags: 0x0
    (5888) [11-APR-2015 09:36:28:365] nsdofls: sending NSPTDA packet
    (5888) [11-APR-2015 09:36:28:365] nspsend: plen=248, type=6
    (5888) [11-APR-2015 09:36:28:365] ntzwrite: entry
    (5888) [11-APR-2015 09:36:28:365] nzos_Write: entry
    (5888) [11-APR-2015 09:36:28:365] nttwr: entry
    (5888) [11-APR-2015 09:36:28:365] nttwr: socket 560 had bytes written=277
    (5888) [11-APR-2015 09:36:28:365] nttwr: exit
    (5888) [11-APR-2015 09:36:28:365] nzos_Write: exit
    (5888) [11-APR-2015 09:36:28:365] ntzwrite: exit
    (5888) [11-APR-2015 09:36:28:365] nspsend: 248 bytes to transport
    (5888) [11-APR-2015 09:36:28:365] nsdoacts: flushing transport
    (5888) [11-APR-2015 09:36:28:365] ntzcontrol: entry
    (5888) [11-APR-2015 09:36:28:365] ntzcontrol: Command = 4
    (5888) [11-APR-2015 09:36:28:365] ntzcontrol: unknown command 4 - calling underlying protocol adapter
    (5888) [11-APR-2015 09:36:28:365] nttctl: entry
    (5888) [11-APR-2015 09:36:28:365] ntzcontrol: operation is unsupported
    (5888) [11-APR-2015 09:36:28:365] ntzcontrol: exit
    (5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
    (5888) [11-APR-2015 09:36:28:365] nsdo: nsctxrnk=0
    (5888) [11-APR-2015 09:36:28:365] nsdo: cid=0, opcode=68, *bl=2048, *what=9, uflgs=0x0, cflgs=0x3
    (5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
    (5888) [11-APR-2015 09:36:28:365] nsdo: rank=64, nsctxrnk=0
    (5888) [11-APR-2015 09:36:28:365] nsdo: nsctx: state=2, flg=0x4005, mvd=0
    (5888) [11-APR-2015 09:36:28:365] nsdo: gtn=10, gtc=10, ptn=10, ptc=8111
    (5888) [11-APR-2015 09:36:28:380] nscon: recving a packet
    (5888) [11-APR-2015 09:36:28:380] nsprecv: reading from transport...
    (5888) [11-APR-2015 09:36:28:380] ntzread: entry
    (5888) [11-APR-2015 09:36:28:380] ntznzosread: entry
    (5888) [11-APR-2015 09:36:28:380] nzos_Read: entry
    (5888) [11-APR-2015 09:36:28:380] nttrd: entry
    (5888) [11-APR-2015 09:36:28:380] ntt2err: entry
    (5888) [11-APR-2015 09:36:28:380] ntt2err: exit
    (5888) [11-APR-2015 09:36:28:380] nttrd: socket 560 had bytes read=0
    (5888) [11-APR-2015 09:36:28:380] nttrd: exit
    (5888) [11-APR-2015 09:36:28:380] nzos_Read: exit
    (5888) [11-APR-2015 09:36:28:380] ntznzosread: encountered "wouldblock" error
    (5888) [11-APR-2015 09:36:28:380] ntctst: size of NTTEST list is 1 - not calling poll
    (5888) [11-APR-2015 09:36:28:396] nzos_Read: entry
    (5888) [11-APR-2015 09:36:28:396] nttrd: entry
    (5888) [11-APR-2015 09:36:28:396] nttrd: exit
    (5888) [11-APR-2015 09:36:28:396] ntt2err: entry
    (5888) [11-APR-2015 09:36:28:396] ntt2err: Read unexpected EOF ERROR on 560
    (5888) [11-APR-2015 09:36:28:396] ntt2err: exit
    (5888) [11-APR-2015 09:36:28:396] nzos_Read: exit
    (5888) [11-APR-2015 09:36:28:396] ntznzosread: SSL connection closed gracefully.
    (5888) [11-APR-2015 09:36:28:396] ntznzosread: SSL connection terminated normally.
    (5888) [11-APR-2015 09:36:28:396] ntznzosread: returning NZ error 28865 in result structure
    (5888) [11-APR-2015 09:36:28:396] ntznzosread: exit
    (5888) [11-APR-2015 09:36:28:396] nserror: nsres: id=0, op=68, ns=12537, ns2=12560; nt[0]=507, nt[1]=0, nt[2]=0; ora[0]=28865, ora[1]=0, ora[2]=0
    (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
    (5888) [11-APR-2015 09:36:28:396] nsdo: nsctxrnk=0
    (5888) [11-APR-2015 09:36:28:396] nscall: unexpected response
    (5888) [11-APR-2015 09:36:28:396] nsvntx_dei: entry
    (5888) [11-APR-2015 09:36:28:396] nsvntx_dei: exit
    (5888) [11-APR-2015 09:36:28:396] nstimarmed: no timer allocated
    (5888) [11-APR-2015 09:36:28:396] ntzcontrol: entry
    (5888) [11-APR-2015 09:36:28:396] ntzcontrol: Command = 14
    (5888) [11-APR-2015 09:36:28:396] ntzcontrol: exit
    (5888) [11-APR-2015 09:36:28:396] ntzcontrol: entry
    (5888) [11-APR-2015 09:36:28:396] ntzcontrol: Command = 15
    (5888) [11-APR-2015 09:36:28:396] ntzcontrol: exit
    (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
    (5888) [11-APR-2015 09:36:28:396] nsfull_cls: cid=0, opcode=65, *bl=0, *what=0, uflgs=0x0, cflgs=0x440
    (5888) [11-APR-2015 09:36:28:396] nsfull_cls: nsctx: state=1, flg=0x4001, mvd=0
    (5888) [11-APR-2015 09:36:28:396] nsclose: closing transport
    (5888) [11-APR-2015 09:36:28:396] ntzdisconnect: entry
    (5888) [11-APR-2015 09:36:28:396] ntzFreeNTZData: entry
    (5888) [11-APR-2015 09:36:28:396] nzos_DestroyCtx: entry
    (5888) [11-APR-2015 09:36:28:396] nzos_DestroyCtx: exit
    (5888) [11-APR-2015 09:36:28:396] ntzFreeNTZData: exit
    (5888) [11-APR-2015 09:36:28:396] nttdisc: entry
    (5888) [11-APR-2015 09:36:28:396] nttdisc: Closed socket 560
    (5888) [11-APR-2015 09:36:28:396] nttdisc: exit
    (5888) [11-APR-2015 09:36:28:396] ntzdisconnect: exit
    (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
    (5888) [11-APR-2015 09:36:28:396] nsclose: global context check-out (from slot 0) complete
    (5888) [11-APR-2015 09:36:28:396] nadisc: entry
    (5888) [11-APR-2015 09:36:28:396] nacomtm: entry
    (5888) [11-APR-2015 09:36:28:396] nacompd: entry
    (5888) [11-APR-2015 09:36:28:396] nacompd: exit
    (5888) [11-APR-2015 09:36:28:396] nacompd: entry
    (5888) [11-APR-2015 09:36:28:396] nacompd: exit
    (5888) [11-APR-2015 09:36:28:396] nacomtm: exit
    (5888) [11-APR-2015 09:36:28:396] nas_dis: entry
    (5888) [11-APR-2015 09:36:28:396] nas_dis: exit
    (5888) [11-APR-2015 09:36:28:396] nau_dis: entry
    (5888) [11-APR-2015 09:36:28:396] nau_dis: exit
    (5888) [11-APR-2015 09:36:28:396] naeetrm: entry
    (5888) [11-APR-2015 09:36:28:396] naeetrm: exit
    (5888) [11-APR-2015 09:36:28:396] naectrm: entry
    (5888) [11-APR-2015 09:36:28:396] naectrm: exit
    (5888) [11-APR-2015 09:36:28:396] nagbltrm: entry
    (5888) [11-APR-2015 09:36:28:396] nau_gtm: entry
    (5888) [11-APR-2015 09:36:28:396] nau_gtm: exit
    (5888) [11-APR-2015 09:36:28:396] nagbltrm: exit
    (5888) [11-APR-2015 09:36:28:396] nadisc: exit
    (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
    (5888) [11-APR-2015 09:36:28:396] nsvntx_dei: entry
    (5888) [11-APR-2015 09:36:28:396] nsvntx_dei: exit
    (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
    (5888) [11-APR-2015 09:36:28:396] nsmfr: 2944 bytes at 0x2152400
    (5888) [11-APR-2015 09:36:28:396] nsmfr: 1880 bytes at 0x2151ca0
    (5888) [11-APR-2015 09:36:28:396] nscall: connecting...
    (5888) [11-APR-2015 09:36:28:396] nladget: entry
    (5888) [11-APR-2015 09:36:28:396] nladget: exit
    (5888) [11-APR-2015 09:36:28:396] nsmfr: 238 bytes at 0x221def0
    (5888) [11-APR-2015 09:36:28:412] nsmfr: 304 bytes at 0x20d8200
    (5888) [11-APR-2015 09:36:28:412] nladtrm: entry
    (5888) [11-APR-2015 09:36:28:412] nladtrm: exit
    (5888) [11-APR-2015 09:36:28:412] nioqper:  error from nscall
    (5888) [11-APR-2015 09:36:28:412] nioqper:    ns main err code: 12537
    (5888) [11-APR-2015 09:36:28:412] nioqper:    ns (2)  err code: 12560
    (5888) [11-APR-2015 09:36:28:412] nioqper:    nt main err code: 507
    (5888) [11-APR-2015 09:36:28:412] nioqper:    nt (2)  err code: 0
    (5888) [11-APR-2015 09:36:28:412] nioqper:    nt OS   err code: 0
    (5888) [11-APR-2015 09:36:28:412] niomapnserror: entry
    (5888) [11-APR-2015 09:36:28:412] niqme: entry
    (5888) [11-APR-2015 09:36:28:412] niqme: reporting ORA-28865 error
    (5888) [11-APR-2015 09:36:28:412] niqme: exit
    (5888) [11-APR-2015 09:36:28:412] niomapnserror: exit
    (5888) [11-APR-2015 09:36:28:412] niotns: Couldn't connect, returning 28865
    (5888) [11-APR-2015 09:36:28:412] niotns: exit
    (5888) [11-APR-2015 09:36:28:412] nsbrfr: nsbfs at 0x214d1a0, data at 0x2225ca0.
    (5888) [11-APR-2015 09:36:28:412] nsbrfr: nsbfs at 0x214dbf0, data at 0x2227d90.
    (5888) [11-APR-2015 09:36:28:412] nsbrfr: nsbfs at 0x214d9e0, data at 0x21531c0.
    (5888) [11-APR-2015 09:36:28:412] nigtrm: Count in the NI global area is now 1
    (5888) [11-APR-2015 09:36:28:412] nigtrm: Count in the NL global area is now 1

    CLIENT SQLNET.ORA
    TRACE_LEVEL_CLIENT = 10
    TRACE_UNIQUE_CLIENT = ON
    TRACE_DIRECTORY_CLIENT = C:\Oracle\app\client\product\12.1.0\client_1\network\trace
    TRACE_FILE_CLIENT = sqlnet_client.trc
    LOG_FILE_CLIENT = sqlnet_client.log
    LOG_DIRECTORY_CLIENT = C:\Oracle\app\client\product\12.1.0\client_1\network\log
    DIAG_ADR_ENABLED = OFF
    TRACE_TIMESTAMP_CLIENT = ON
    SQLNET.AUTHENTICATION_SERVICES = (ALL)
    SQLNET.AUTHENTICATION_REQUIRED = FALSE
    SSL_CLIENT_AUTHENTICATION = FALSE
    WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
          (DIRECTORY = C:\Oracle\app\client\product\12.1.0\client_1\network\wallets)
    ADR_BASE = C:\Oracle\app\client\product\12.1.0\client_1\log
    SERVER SQLNET.ORA
    SQLNET.AUTHENTICATION_SERVICES= (ALL)
    SSL_VERSION = 0
    SSL_CLIENT_AUTHENTICATION = FALSE
    TRACE_UNIQUE_SERVER = ON
    TRACE_DIRECTORY_SERVER = /u01/app/grid/product/12.1.0/12.1.0.2/network/trace
    TRACE_FILE_SERVER = sqlnet_server.trc
    LOG_FILE_SERVER = sqlnet_server.log
    WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
          (DIRECTORY = /u01/app/grid/product/12.1.0/12.1.0.2/owm/wallets/grid)
    LOG_DIRECTORY_SERVER = /u01/app/grid/product/12.1.0/12.1.0.2/network/log
    SQLNET.AUTHENTICATION_REQUIRED = FALSE
    DIAG_ADR_ENABLED = OFF
    TRACE_TIMESTAMP_SERVER = ON

  • FTP/SSL Connection Problem for FTP Receiver Adapter

    Hello All,
    We are trying to establish an FTPS/SSL connection with one of our customers from our XI(Unix) system, and are receive following error:
    <b>iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier</b>
    Communication Channel Parameters:
    Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
    Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
    Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
    Data Connection: Passive
    Port: 10021
    Keystore: service_ssl
    X.509 Certificate & Private Key: ssl-credentials
    Note: Initial handshaking occurs but connection is being dropped by the third party FTP Server when SSL certificate credentials are being validated. We also tried connecting to the third party FTPS server using standard FTPS client(FileZilla software), this connection gets established successfully with no certificate issues which means certificate and third party FTP Server is functioning correctly.
    We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
    Your help and suggestions will be greatly appreciated.
    Thanks and Best Regards
    Prashant Rajani

    Hello All,
    Further in order to test connection set up and communication channel configuration we tried simulating the FTP connection locally by configuring FTP Server using FileZilla at a local machine and accessed it from Client's XI Server.
    This set up simulates the problem we encounter with our customer's FTP Server.
    If connection security parameter in communication channel for Sender FTP Adapter is set to <b>"FTPs( FTP Using SSL/TLS) with Control Connection" only</b>, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to <b>"FTPs( FTP Using SSL/TLS) with Control and Data Connection"</b>, we receive error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and file gets created at the FTP Server but its empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
    This is what the FTP (FileZilla) sees when the XI system attempts to set-up a fully encrypted data  (FTPS) connection i.e., connection security parameter value as<b>"FTPs( FTP Using SSL/TLS) with Control and Data Connection"</b> :-
    - (not logged in) (10.18.106.34)> Connected, sending welcome message...
    - (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
    - (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
    - (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
    - (not logged in) (10.18.106.34)> AUTH TLS
    - (not logged in) (10.18.106.34)> 234 Using authentication type TLS
    - (not logged in) (10.18.106.34)> SSL connection established
    - (not logged in) (10.18.106.34)> USER test
    - (not logged in) (10.18.106.34)> 331 Password required for test
    - (not logged in) (10.18.106.34)> PASS ***********
    - test (10.18.106.34)> 230 Logged on
    - test (10.18.106.34)> PBSZ 0
    - test (10.18.106.34)> 200 PBSZ=0
    - test (10.18.106.34)> PROT P
    - test (10.18.106.34)> 200 Protection level set to P
    - test (10.18.106.34)> SYST
    - test (10.18.106.34)> 215 UNIX emulated by FileZilla
    - test (10.18.106.34)> PWD
    - test (10.18.106.34)> 257 "/" is current directory.
    - test (10.18.106.34)> CWD /payment/
    - test (10.18.106.34)> <b>250 CWD successful. "/payment" is current directory.</b>- test (10.18.106.34)> TYPE I
    - test (10.18.106.34)> 200 Type set to I
    - test (10.18.106.34)> PASV
    - test (10.18.106.34)> <b>227 Entering Passive Mode (10,27,7,103,15,63)</b>- test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
    - test (10.18.106.34)> <b>150 Connection accepted</b>
    - test (10.18.106.34)> <b>Data connection SSL warning: SSL3 alert read: fatal: bad certificate</b>
    - test (10.18.106.34)> <b>Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A</b>- test (10.18.106.34)> <b>Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate</b>- test (10.18.106.34)> <b>Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure</b>- test (10.18.106.34)> <b>426 Connection closed; transfer aborted.</b>- test (10.18.106.34)> QUIT
    - test (10.18.106.34)> 221 Goodbye
    - test (10.18.106.34)> SSL connection established
    Please suggest your valuable inputs if we are missing out something. Any helpful inputs in this regard is highly appreciated.
    Thanks and Best Regards
    Prashant

  • Testing SSL Connections, differences between ABAP and JAVA stacks

    Hello,
       I am trying to test an outbound SSL connection to a partner.   I already have multiple outbound connections to many partners, but this new one is causing an issue.   Our firewalls between the two sites are opened as required, I verified that I can telnet to the 443 port of their sever.   I then attempted to connect to their URL, via a Java SOAP message, and it is rejected.  Some kind of error regarding our handshake.
       In an attempt to troubleshoot the issue I entered their URL in SM59 as a HTTPS connection, tested it, it worked fine.   Which indicates to me that the ABAP side works fine.
       I do the same on the Java stack, via the SOA Manager: Destinations, and it fails.
    "Error during ping operation: Error while silently connecting org.w3c.www.protocol.http.Http.Eception: Peer sent alert: Alert Fatal: unexpected message"
      I was thinking that maybe the remote partner only allows specific types of SSL version connection, and the Java side is too low.  i.e. the partner only allows TLS v1, and we are attempting to use SSL v2.    Is there a place to set this on the Java side?  I know I can set inbound parameters on ICM via SMICM.
      Any help or assistance would be most appreciated.
    Thanks,
    Michael Montone

    Hi,
    I suggest that you verify if you use the same release of the SAP Cryptolib  for the ABAP and the Java stack.
    This could explain a difference of support for SSL or TLS.
    Regards,
    Olivier

  • Got problem when using SSL connection when using my own web server

    hi all,
    I need to create a SSL connection to a website, i'm using Java 5 so i just append use the following code,
    System.setProperty("https.proxyHost","90.0.0.122");
              System.setProperty("https.proxyPort","3128");
              URL verisign = new URL("https://www.verisign.com");
              //URL verisign = new URL("https://localhost");       
              //URL verisign = new URL("https://90.0.0.30");
              BufferedReader in = new BufferedReader(
                        new InputStreamReader(
                                  verisign.openStream()));
              String inputLine;
              while ((inputLine = in.readLine()) != null)
                   System.out.println(inputLine);
              in.close();
         }Here when i run the program with arg https://www.verisign.com it works fine, when i replace it with https://locahost it shows the follwing error
    Exception in thread "main" java.io.IOException: HTTPS hostname wrong:  should be <localhost>
         at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
         at java.net.URL.openStream(URL.java:1007)
         at URLReader.main(URLReader.java:93)i dono why this happening any can pls help me out to solve the problem

    HI all ,
    I find a solution from the post
    http://forum.java.sun.com/thread.jspa?threadID=521779&start=0
    Thanks

  • Establish SSL connection to Oracle Instance w/JDBC Thin Client

    Hello all,
    I am writing a monitoring utility that will allow me to establish connections to both Oracle instances and LDAP repositories and query them to determine that they are up and running. My utility consists of a number of objects that handle connections to the LDAP and Oracle instances. I need to be able to do SSL and non-SSL connections to said instances.
    My issue is this: I am able to do SSL and non-SSL to LDAP, and non-SSL to an Oracle instance. I am having problems, though, establishing an SSL connection to an Oracle instance (I am using the thin client). Whenever I try, a SQLException is thrown that states: "Encountered a problem with the secret store. Check the wallet location for the presense of an <b>open</b> wallet (cwallet.sso) and ensure that the wallet contains the correct credentials..."
    Ok, a little background for those who may need it. Oracle uses a wallet to hold certs that allow SSL connections. I have a wallet on my box, and, from the command line, I am able to sqlplus into and tnsping the appropriate Oracle instances, so I know it is setup properly. The inability to connect only occurs in my code. My code looks like this:
    DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
    Security.addProvider(new oracle.security.pki.OraclePKIProvider());
    /*Setup connection properties*/
    String connectionString = "testbox01:1000:ssl_instances_name";
    String userName = "userName";
    String pwd = "password";
    Properties props = new Properties();
    props.put("oracle.net.ssl_version", 3.0");
    props.put("oracle.net.wallet_location", "SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=c:\\wallet)))");
    props.put("oracle.net.ssl_cipher_suites", "ssl cipher suites");
    props.put("oracle.net.ssl_server_dn_match", "FALSE");
    props.put("oracle.net.ssl_client_authentication", "true");
    /*Do connection and return connection object
    OracleDataSource ods = new OracleDataSource();
    ods.setUser(userName);
    ods.setPassword(pwd);
    ods.setUrl("jdbc:oracle:thin:@" + connectionString);
    ods.setConnectionProperties(props);
    Connection conn = ods.getConnection(); <---This is where code errors out with SQLException described above.
    return conn;
    And that's pretty much it. Anyone have any ideas?

    Ok, that looked horrible. Let's try this again:<br>
    <br>
    I am writing a monitoring utility that will allow me to establish connections to both Oracle instances and LDAP repositories and query them to determine that they are up and running. My utility consists of a number of objects that handle connections to the LDAP and Oracle instances. I need to be able to do SSL and non-SSL connections to said instances.<br>
    <br>
    My issue is this: I am able to do SSL and non-SSL to LDAP, and non-SSL to an Oracle instance. I am having problems, though, establishing an SSL connection to an Oracle instance. Whenever I try, a SQLException is thrown that states: "Encountered a problem with the secret store. Check the wallet location for the presense of an <b>open</b> wallet (cwallet.sso) and ensure that the wallet contains the correct credentials..."<br>
    <br>
    Ok, a little background for those who may need it. Oracle uses a wallet to hold certs that allow SSL connections. I have a wallet on my box, and, from the command line, I am able to sqlplus into and tnsping the appropriate Oracle instances, so I know it is setup properly. The inability to connect only occurs in my code. My code looks like this:<br>
    <br>
    *****<br>
    <br>
    DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());<br>
    Security.addProvider(new oracle.security.pki.OraclePKIProvider());<br>
    <br>
    /*Setup connection properties*/<br>
    <br>
    String connectionString = "testbox01:1000:ssl_instances_name";<br>
    String userName = "userName";<br>
    String pwd = "password";<br>
    <br>
    Properties props = new Properties();<br>
    props.put("oracle.net.ssl_version", 3.0");<br>
    props.put("oracle.net.wallet_location", "SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=c:\\wallet)))");<br>
    props.put("oracle.net.ssl_cipher_suites", "ssl cipher suites");<br>
    props.put("oracle.net.ssl_server_dn_match", "FALSE");<br>
    props.put("oracle.net.ssl_client_authentication", "true");<br>
    <br>
    /*Do connection and return connection object*/<br>
    OracleDataSource ods = new OracleDataSource();<br>
    ods.setUser(userName);<br>
    ods.setPassword(pwd);<br>
    ods.setUrl("jdbc:oracle:thin:@" + connectionString);<br>
    ods.setConnectionProperties(props);<br>
    <br>
    Connection conn = ods.getConnection(); <---This is where code errors out with SQLException described above.<br>
    <br>
    return conn;<br>
    <br>
    *****<br>
    <br>
    And that's pretty much it. Anyone have any ideas?<br>

  • Limited number of 5 concurrent VPN (ipsec/l2tp) connections to OSX Server

    We've configured OS X 10.6 Server on XServe to accept VPN connections either via PPTP or via IPSEC/L2TP using a PreSharedKey.
    When multiple clients try to connect using IPSec/L2TP, we experience problems as soon as 5 users are connected. No additional ipsec/l2tp connections can be created until one of the 5 existing connections is terminated, but then a new connection can start immediately.
    Sniffing with tcpdump, the following can be seen on the server side:
    09:24:45.349541 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 1 I ident
    09:24:45.354978 IP serverIP.isakmp > clientIP.isakmp: isakmp: phase 1 R ident
    09:24:45.358233 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 1 I ident[E]
    09:24:45.365359 IP serverIP.isakmp > clientIP.isakmp: isakmp: phase 1 R ident[E]
    09:24:45.367222 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 2/others I oakley-quick[E]
    09:24:47.365936 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 2/others I oakley-quick[E]
    09:24:50.365799 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 2/others I oakley-quick[E]
    The last lines are repeated several times, until the connection attempt times out.
    When using PPTP connections, we don't experience these problems, and in addition PPTP connections can even be created when 5 ipsec/l2tp connections are already established.
    Does anyone know if there is some kind of limitation for the number of concurrent ipsec/l2tp connections built into OS X server? So far, we have not seen anything like this in the docs.

    Ok, IMAP server almost universally allow multiple connections. Thunderbird as you would have observed uses 5 if they are available. As Airmail suggested, iphones just use more and more until they exhaust the available connections. There is no set maximum option.
    However there are other things that can consume connections and some may surprise you.
    Anti spam tools such as mail washer
    Anti virus programs in their anti spam or anti phishing roles
    Web mail.
    The wife sharing the same account on her laptop.
    That is from the top of my head. So could any of those apply.

  • SSL connection, KeyManager and TrustManager

    Hello everyone,
    I am trying to established an SSL connection to a OC4J Server. The server is correctly configured, as the communications using Internet Explorer goes well.
    I am using JDK 1.3.1_06 with JSSE 1.0.3 and OC4J 9.0.3.
    But now I have a stand-alone java program that sends SOAP messages to the ssl port in the server using JAXM. When I send the message, I received the following exception:
    javax.net.ssl.SSLException: untrusted server cert chain
    The following I tried was to connect using a socket to test the handshacking. I received the same exception.
    I am using a KeyStore dinamically generated with the PKCS12 certificate of the cliente that is requesting the service, and a TrustStore dinamically generated with the CA certificate for both the client and the server. I am also tries to use the default cacerts file with this certificate imported in.
    The KeyManager is initialized in this way:
    ----- KeyManager start -----
    java.security.KeyStore ks = java.security.KeyStore.getInstance
         ("pkcs12", "SunJSSE");
    ks.load(new FileInputStream(file),pass.toCharArray());
    KeyManagerFactory kmf = KeyManagerFactory.getInstance     ("SunX509", "SunJSSE");
    kmf.init(ks, pass.toCharArray());
    KeyManager[] km = (KeyManager[])kmf.getKeyManagers();
    ----- KeyManager end -----
    The TrustManager is initialized in this way:
    ----- TrustManager start -----
    FileInputStream fis = new FileInputStream(file);
    java.io.DataInputStream dis = new java.io.DataInputStream(fis);
    byte[] bytes = new byte[dis.available()];
    dis.readFully(bytes);
    java.io.ByteArrayInputStream bais =
         new java.io.ByteArrayInputStream(bytes);
    java.security.cert.CertificateFactory cf =          java.security.cert.CertificateFactory.getInstance("X.509");
    java.security.cert.X509Certificate caCert =
         (java.security.cert.X509Certificate)
              cf.generateCertificate(bais);
    java.security.KeyStore ksCA =
         java.security.KeyStore.getInstance("pkcs12", "SunJSSE");
    ksCA.load(null, null);
    ksCA.setCertificateEntry("trustedCA", caCert);
    TrustManagerFactory tmf =
         TrustManagerFactory.getInstance("SunX509", "SunJSSE");
    tmf.init(ksCA);
    TrustManager[] tm = (TrustManager[])tmf.getTrustManagers();
    ----- TrustManager end -----
    And finally, this is the way I create the ssl connection:
    ----- main start -----
    // loads the jsse provider
    System.setProperty("java.protocol.handler.pkgs",
         "com.sun.net.ssl.internal.www.protocol");
    java.security.Security.addProvider(
         new com.sun.net.ssl.internal.ssl.Provider());
    // keymanager
    com.sun.net.ssl.KeyManager[] km = getKeyManager(args[0], args[1]);
    // trustmanager
    com.sun.net.ssl.TrustManager[] tm = getTrustManager(args[2]);
    // ssl context configuration
    com.sun.net.ssl.SSLContext ctx =
         com.sun.net.ssl.SSLContext.getInstance("SSL");
    ctx.init(km, tm, null);
    com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
         ctx.getSocketFactory());
    // url
    URL url = new URL(
         "https", my_ip
         my_port, a_page,
         new com.sun.net.ssl.internal.www.protocol.https.Handler());
    // connection
    com.sun.net.ssl.HttpsURLConnection conn =
         (com.sun.net.ssl.HttpsURLConnection)url.openConnection();
    conn.connect();
    ----- main end -----
    This is the full exception trace:
    javax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:56)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(DashoA6275)
    at pruebas.SSLClient.main(SSLClient.java)
    Has anyone some idea of what is happening. Thanks in advance,
    Jorge Hidalgo

    hi
    how your client i.e stanadlone application (SOAP client) is getting the server certificates if client doesn't get the server certificate and vice versa then u will get this exception.
    check on both side.
    pras

  • Problems running  SSL connection using JRUN 4.0/JDK 1.4.2

    Hi,
    Our project is to run a SSL connection to FedEx. When we test the connection with WebSphere 5.0 test server, it connected and worked. But, when we tested with our environment (JRUN4), exception thrown:
    The following are the exceptions:
    ===========================
    socket = (SSLSocket)factory.createSocket("gateway.fedex.com", 443);
    causes the error:
    java.net.SocketException: Export restriction: this JSSE implementation is non-pluggable.
    Which implies that we are trying to use a SSL impementation other than Sun's, which is not allowed in JDK 1.4.x. Googleing for similar cases confirms that creating SSL sockets has been problematic for JDK 1.4.x users in particular.
    However, the following code
    SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
    System.out.println("Classname: "+factory.getClass().getName());
    produces
    Classname: javax.net.ssl.DefaultSSLSocketFactory
    This seems to imply that we are using the Sun SSL implementation. So I am not sure what could be causing the error. Have any you ever run into this particular problem before and if so what is your recommendation?
    Any idea, thinking is greatly appreciated.
    Thank you.

    I have plenty of HD space (130GB) left, so that's not the problem.
    Actually, the amount of free space is not nearly as relevant to the issue as the % of free space.  If your HD is over about 50% full, especially doing video, there will be performance degradation compared to an HD that is less than about 50% full.  It's the physics of the hard drive.  In addition, if you are working on HD video you can easily need 50-100GB per hour of video for working storage & render files.  And if you render multiple times, FCE is not good at cleaning up old render files, so multiple renders take more & more disk space. The only effective way to clean out old render files is to manually delete them from your FCE  /Render Files folder.  And it's nearly impossible to tell which render files are actually in current use, so you end up having to delete them all and then re-render your entire timeline if you really want to free up disk space.
    To answer your question about upgrading, yes, once you install Snow Leopard you should be able to update to 10.6.8 via Software Update.  That's how I've always done it.
    If your black Macbook is the one I suspect it is, the official max is 4GB RAM but it appears it will work with 6GB.  Overall, the system specs are on the low side for FCE 4
    As for still images, I have generally found sizing them to no more than 2x your video frame size works pretty well.  Larger than that, FCE will be discarding lots of pixels to fit the image into your video frame.   You need to consider the actual pixel dimensions of your image, not the embedded resolution or dpi.  Actual pixel dimensions are what's important.  The larger your jpeg image the more pixels will be discarded, so images that are much larger than your frame size are not advisable.

Maybe you are looking for