Multi SSL connections in one application

In my web application I have two servlets, any of them call different web services. The protocol is HTTPS, so how can I tell them to use different trust and keystores? Or if I should use common keystore, how can I use something like keyAlias to show on any servlet to use different PrivateKey if there is client authentication.
For now my code in every servlet is:
               System.setProperty("javax.net.ssl.keyStoreType", "");
               System.setProperty("javax.net.ssl.keyStore", "");
               System.setProperty("javax.net.ssl.keyStorePassword", "");
               System.setProperty("javax.net.ssl.trustStoreType", "");
               System.setProperty("javax.net.ssl.trustStore", "");
               System.setProperty("javax.net.ssl.trustStorePassword", "");
Ofcourse with appropiate values.
But that works only for the first servlet witch is called.
Please help.

The protocol is HTTPS, so how can I tell them to use different trust and keystores?Why would you want to do that?
Or if I should use common keystore, how can I use something like keyAlias to show on any servlet to use different PrivateKey if there is client authentication.Why?
There is no reason in the world to use different truststores or keystores. All that this PKI does is establish identity. Whether the applications concerned should trust that identity in specific contexts is an application question that can't be resolved via keystores and truststores and different private keys. This is a common misconception. It's not what they are for, it's not what they are designed to do, and you can't use them for that purpose securely.
See [this thread|http://forums.sun.com/thread.jspa?threadID=5388459&tstart=0] for a full discussion.

Similar Messages

Several SSL Connections in one Application

Hi, Im triing to wirte an application that connects to several SSL- servers. When Im writing an application with one connection I set the systemproperties javax.net.ssl.keyStore and password and use the SSLSocketFactory.getDefault().
But now, this doesnt work, heres my testcode:
System.setProperty("javax.net.ssl.keyStore", "c:/keystore1");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");
System.setProperty("javax.net.ssl.trustStore", "c:/keystore1");
System.setProperty("javax.net.ssl.trustStorePassword", "123456");
SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket("server1", 1099);
s.startHandshake();
System.out.println("Handshake1 works");
System.setProperty("javax.net.ssl.keyStore", "c:/keystore2");
System.setProperty("javax.net.ssl.keyStorePassword", "tetappl");
System.setProperty("javax.net.ssl.trustStore", "c:/keystore2");
System.setProperty("javax.net.ssl.trustStorePassword", "tetappl");
s = (SSLSocket) SSLSocketFactory.getDefault().createSocket("server2", 636);
s.startHandshake();
System.out.println("Handshake2 works");Of cause, if this worked, I didnt write here. I think I have to create one SocketFactory for each connection, but I dont know how. Please help.
Bye Michael

SSLContext.getInstance().getSocketFactory(). You'll have to make other arrangements instead of the system properties. See SSLContext.init() and work your way down from there to creating your own trust managers. See also the Javadoc Guide to Features/Security/JSSE for how to create trust managers and keystore managers.

FTP/SSL Connection Problem for FTP Receiver Adapter

Hello All,
We are trying to establish an FTPS/SSL connection with one of our customers from our XI(Unix) system, and are receive following error:
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
Communication Channel Parameters:
Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
Data Connection: Passive
Port: 10021
Keystore: service_ssl
X.509 Certificate & Private Key: ssl-credentials
Note: Initial handshaking occurs but connection is being dropped by the third party FTP Server when SSL certificate credentials are being validated. We also tried connecting to the third party FTPS server using standard FTPS client(FileZilla software), this connection gets established successfully with no certificate issues which means certificate and third party FTP Server is functioning correctly.
We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
Your help and suggestions will be greatly appreciated.
Thanks and Best Regards
Prashant Rajani

Hello All,
Further in order to test connection set up and communication channel configuration we tried simulating the FTP connection locally by configuring FTP Server using FileZilla at a local machine and accessed it from Client's XI Server.
This set up simulates the problem we encounter with our customer's FTP Server.
If connection security parameter in communication channel for Sender FTP Adapter is set to "FTPs( FTP Using SSL/TLS) with Control Connection" only, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to "FTPs( FTP Using SSL/TLS) with Control and Data Connection", we receive error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and file gets created at the FTP Server but its empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
This is what the FTP (FileZilla) sees when the XI system attempts to set-up a fully encrypted data (FTPS) connection i.e., connection security parameter value as"FTPs( FTP Using SSL/TLS) with Control and Data Connection" :-
- (not logged in) (10.18.106.34)> Connected, sending welcome message...
- (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
- (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
- (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
- (not logged in) (10.18.106.34)> AUTH TLS
- (not logged in) (10.18.106.34)> 234 Using authentication type TLS
- (not logged in) (10.18.106.34)> SSL connection established
- (not logged in) (10.18.106.34)> USER test
- (not logged in) (10.18.106.34)> 331 Password required for test
- (not logged in) (10.18.106.34)> PASS ***********
- test (10.18.106.34)> 230 Logged on
- test (10.18.106.34)> PBSZ 0
- test (10.18.106.34)> 200 PBSZ=0
- test (10.18.106.34)> PROT P
- test (10.18.106.34)> 200 Protection level set to P
- test (10.18.106.34)> SYST
- test (10.18.106.34)> 215 UNIX emulated by FileZilla
- test (10.18.106.34)> PWD
- test (10.18.106.34)> 257 "/" is current directory.
- test (10.18.106.34)> CWD /payment/
- test (10.18.106.34)> 250 CWD successful. "/payment" is current directory.- test (10.18.106.34)> TYPE I
- test (10.18.106.34)> 200 Type set to I
- test (10.18.106.34)> PASV
- test (10.18.106.34)> 227 Entering Passive Mode (10,27,7,103,15,63)- test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
- test (10.18.106.34)> 150 Connection accepted
- test (10.18.106.34)> Data connection SSL warning: SSL3 alert read: fatal: bad certificate
- test (10.18.106.34)> Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A- test (10.18.106.34)> Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate- test (10.18.106.34)> Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure- test (10.18.106.34)> 426 Connection closed; transfer aborted.- test (10.18.106.34)> QUIT
- test (10.18.106.34)> 221 Goodbye
- test (10.18.106.34)> SSL connection established
Please suggest your valuable inputs if we are missing out something. Any helpful inputs in this regard is highly appreciated.
Thanks and Best Regards
Prashant

Creating a connection pool using Oracle 10g, Sun ONE Application Serve 8.1

Has any one succesfully configured Oracle 10g to work with Sun ONE Application Server 8.1 on Windows 2000 server service pack 4? I am embarking on a new J2EE project and I need to configure it as soon as possible.

I haven't done it myself on that particular service pack, but I don't see why it should be any different than configuring a connection pool on other vanilla win2k/other OSes.
Would you please try and let this forum know?
thanks.

Creating a connection pool using SQL Server 2000, Sun ONE Application Serve

Has any one succesfully configured SQL Server 2000 to work with Sun ONE Application Server 7 on Windows 2000 server service pack 4? I am embarking on a new J2EE project and I need to configure it as soon as possible.
The problem I am having is that, when I ping the data souce name, there is a connection error.
I have set the data source name and other details as follows:
Under JDBC, I have set the parameters for the connection pool as follows:
Data Source Name: com.microsoft.jdbc.sqlserver.SQLServerDriver
Database Name: jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=Test
User: test
Password: test
In the JVM settings page, I have set the prefix class path as follows for the location of the Microsoft JDBC
drivers that I downloaded as follows:
c:\microsoft\drivers/lib/msbase.jar
c:\microsoft\drivers/lib/msutil.jar
c:\microsoft\drivers/lib/mssqlserver.jar
Under JVM Options, there is a strange setting which I don't understand: perhaps this is the cause of the
connction error?
-Djdbc.drivers=com.pointbase.jdbc.jdbcUniversalDriver
Please help????

I'm in a similar boat...
Trying to setup AS7 JDBC and followed the instructions on the link you provided and get the following exception. I kept the case the same, thinking 'setpassword" was incorrect, so I tried changing the property to "Password", but get the same exception but it points to "setPassword" instead.
SEVERE: RAR5041:Cannot get jdbc connection
com.sun.enterprise.repository.J2EEResourceException
java.lang.NoSuchMethodException: setpassword
at com.sun.enterprise.repository.JdbcConnectionPool.createDataSource(JdbcConnectionPool.java:243)
at com.sun.enterprise.resource.JdbcUrlAllocator.createResource(JdbcUrlAllocator.java:80)
at com.sun.enterprise.resource.IASNonSharedResourcePool.createSteadyResources(IASNonSharedResourcePool.java:856)
at com.sun.enterprise.resource.IASNonSharedResourcePool.initPool(IASNonSharedResourcePool.java:416)
at com.sun.enterprise.resource.IASNonSharedResourcePool.internalGetResource(IASNonSharedResourcePool.java:625)
at com.sun.enterprise.resource.IASNonSharedResourcePool.getResource(IASNonSharedResourcePool.java:520)
at com.sun.enterprise.resource.PoolManagerImpl.getResourceFromPool(PoolManagerImpl.java:263)
at com.sun.enterprise.resource.JdbcXAConnection.<init>(JdbcXAConnection.java:74)
at com.sun.enterprise.resource.Jdbc10XaAllocator.createResource(Jdbc10XaAllocator.java:94)
at com.sun.enterprise.resource.IASNonSharedResourcePool.createSteadyResources(IASNonSharedResourcePool.java:856)
at com.sun.enterprise.resource.IASNonSharedResourcePool.initPool(IASNonSharedResourcePool.java:416)
at com.sun.enterprise.resource.IASNonSharedResourcePool.internalGetResource(IASNonSharedResourcePool.java:625)
at com.sun.enterprise.resource.IASNonSharedResourcePool.getResource(IASNonSharedResourcePool.java:520)
at com.sun.enterprise.resource.PoolManagerImpl.getResourceFromPool(PoolManagerImpl.java:263)
at com.sun.enterprise.resource.PoolManagerImpl.getResource(PoolManagerImpl.java:170)
at com.sun.enterprise.resource.JdbcDataSource.internalGetConnection(JdbcDataSource.java:241)
at com.sun.enterprise.resource.JdbcDataSource.getConnection(JdbcDataSource.java:98)
at com.rvi.database.jdbcConnection.getConnection(jdbcConnection.java:93)
at com.webapp.database.ArticlesDAO.selectByYear(ArticlesDAO.java:102)
at com.webapp.actions.ArticleAction.list(ArticleAction.java:96)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:216)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:720)
at org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperValve.java:118)
at org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.java:278)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:274)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:203)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)

How to host one application using different database connection on OAS?

Hi,
Jdeveloper - 10.1.3.4
Application - ADF/BC
Oracle Application Server - 10.1.3
Above our the specifications for our application,
We have two database schemas different for development and production therfore we have different databse connections for the two,
we have one application which is in production and enhacements on the same application are done by the development team.
Since we have two different schemas for developement and prduction we use different database connections for the application on development and production.
The problem is our Model and View Controller project are same, only the database connection file changes that's why we are able to host only on application at a time on our OAS. This is probably because the URL generated by OAS for developemnt and prodyction application is same.
Is there a way we can host two instances of the same application with two different database connections on the a single OAS.
Thanks & Regards,
Raksha

Use different deployment profiles each with a different context root for your application?
See: http://one-size-doesnt-fit-all.blogspot.com/2009/02/configuring-separate-dev-test-prod-urls.html

Sun One application server connection problem for Oracle DB

On our project in live environments we have six Sun One application servers that have been configured to connect to RAC Oracle database using OCI drivers. ( JDBC thick driver)
Sun one application server : Version 7.0.0
Oracle Database : Version 9.2.0.4.0
Following are two scenarios where Sun one server receives an error while attempting to perform any DML operations onto the database e.g. when you will try to send a insert/update msg through sun One.
Case 1: - If the Oracle package/procedure/function is compiled using �Alter package/function/procedure....� command
problem
Any attempt to perform a DML operation using RMI calls though Sun one application server with already established oracle connection will fail.
Sun One application server needs to be bounced to get an up-to-date state of the package.
Case 2: If the Oracle package/procedure/function is compiled using �Create or Replace package/function/procedure....� command
problem
First attempt to perform any DML operation using RMI calls though Sun one application server with already established oracle connection will always fail. Any subsequent attempts will be successful.
We are using JDBC OCI think drivers. I tried flushing Shared pool at the Oracle side but it didn't help. For some reason Sun One seems to Cache the session information for already establised connections with Oracle database. As its live system we don't want any outage. i.e we know bouncing oracle app server will solve the problem.
So just wondering is there way/workaround to make aware the already estlised connection from sun one appserver to Oracle DB about changed packages/proceduress in the DB?
Any thoughts on this would be much appreciated.
txns
Ravi

Forgot one thing: when I use remote debugging , it works.

How to connect Java Application to ORACLE8i over SSL connection

Hi,
I would like to know how to make an existent Java application connect to an ORACLE8i database over a secure SSL connection?
can I user ResultSets?
Could you please tell me what parameters to set on the database and, especially, what new code must be added for the Java Application so send data over an SSL connection.
Your advice/hints will be greatly appreciated.
Vani

Use usual Oracle' encryption. SSL configuration is a nightmare.
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
Properties props = new Properties();
try {
props.put("user", "scott");
props.put("password","tiger");
props.put("oracle.net.encryption_client", "REQUIRED");
props.put("oracle.net.encryption_server", "REQUIRED");
props.put("oracle.net.encryption_types_client", "( RC4_56 )");
props.put("oracle.net.encryption_types_server", "( RC4_56 )");
props.put("oracle.net.crypto_checksum_client", "REQUIRED");
props.put("oracle.net.crypto_checksum_server", "REQUIRED");
props.put("oracle.net.crypto_checksum_types_client", "( MD5 )");
props.put("oracle.net.crypto_checksum_types_server", "( MD5 )");
props.put("sqlnet.crypto_seed", "769764576979045769576907");
} catch (Exception e) { e.printStackTrace(); }
Connection conn=DriverManager.getConnection("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=orcl)(PORT =1521)))(SDU=32767)(CONNECT_DATA=(SERVICE_NAME=orcl)(SID=orcl))", props);
Statement stmt = conn.createStatement ();
ResultSet rset = stmt.executeQuery ("select ENAME from EMP");
while (rset.next ())
System.out.println (rset.getString (1));
rset.close();
stmt.close();
conn.close();

Weird internet problem / ssl connection error, site loads in safari not in firefox or other way around

I really can't figure out this problem. Search the internet tried all kinds of things, nothing help so far.
I have a Macbook Pro (Lion originally installed) running on Mavericks (all latest updates). SSD installed and the DVD tray is replaced by the original HDD.
The laptop wasn't running very smooth anymore so decided to give it a fresh Mavericks install (even though I know it's not really necessary for mac, it helped, everything is much faster except a weird internet problem came up).
After freshly installing Mavericks I couldn't get into my google account anymore, just wouldn't load. Tried Safari (use this normally) and Firefox and Chrome, this last was gave a SSL connection error, both Safari and FF said the website couldn't be loaded because the server didn't respond. For Gmail I use Mailplane which is just stuck on a white page. I tried repairing the keychain, repaired disk and disk permissions, cleaned browsers, turned off firewall and antivirus (Shopos) started in safe mode, checked time settings which were all good. Nothing of this helped. I even ended up creating a usb bootdisk for Mavericks, formatted the disk and reinstalled from the start just Mavericks and nothing else, started Safari, still the same problem. As even this didn't help I figured it's not worth reinstalling all software so put back my backup.
Now I ended up somehow only being able to use Gmail normally in Firefox, Chrome still gives SSL error and Safari can load the inbox, but I can't open any messages. I get the error there is a problem with the connection. If I try in Basic HTML mode it surprisingly does work.
You would say, just use Firefox, finished...but the thing is that sometimes random websites won't load in Firefox, when I load the same site in Safari it works perfectly.
O yes, I also tried the connect to my iPhone and use the Cellular data network, then it's no problem using Gmail in Safari normally. You would say it's a router problem, but I have another Macbook Pro (just one model later running Mountain Lion) this one works perfectly with every browser. Also my iPhone does everyting logged into the WiFi network.
You can understand I really have no clue what's going on here, I don't see any logic. I can only think of a hardware problem in my Macbook, but don't see how that could cause these problems.
I hope someone is ably to help me ?

Please read this whole message before doing anything.
This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
Step 1
The purpose of this step is to determine whether the problem is localized to your user account.
Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
Test while logged in as Guest. Same problem?
After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
*Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
Step 2
The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
Please take this step regardless of the results of Step 1.
Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
Test while in safe mode. Same problem?
After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2.

Multi PS3's on one network unable to use applicati...

Multi PS3's on one network unable to use application sharing on all only one.
Can this be changed or is the a fix for it? Plz help i wannaa be able to play on the ps3 with my bro and sis.

disabe the firewall in the hub and you should be able to connect your ps3's without needing app sharing

Running ssl client from multiple applications fails in Sap j2ee engine

There are two applications making ssl connections to third party.
At a time only one application is able to make connection while other
throws error message "No trusted certificate found".
Currently we have two j2ee applications running in SAP j2ee server. Both applications makes ssl connection to third party servers. Lets call first application as A1 and second application as A2.
A1 is an internet shopping application . It makes ssl connection to third party services at two places . One is while fetching the shipping charges from UPS site.
Code Snippet:
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.getProperties().put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
String lo_url = new URL("https://wwwcie.ups.com/ups.app/xml/Rate");
lo_connection = (URLConnection) lo_url.openConnection();
At other place A1 connects to cybersource service using webservice +ssl for credit card authentication using cybersource API. It uses certificate in p12 format.
Code Snippet:
com.cybersource.ws.client.axis.soap.RequestMessage lo_requestMessage = new com.cybersource.ws.client.axis.soap.RequestMessage();
Properties lo_cybsProperties = new Properties();
lo_cybsProperties.setProperty("merchantId","arvato");
lo_cybsProperties.setProperty("merchantRefCode","1234")
lo_requestMessage.setMerchantID( "arvato");
lo_requestMessage.setMerchantReferenceCode( "1234" );
lo_cybsProperties.setProperty("cybersourceURL","https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor");
lo_cybsProperties.setProperty("keysDir", "./WEB-INF/config");
lo_requestMessage.setBillTo(setBillToAddress(po_mdsBillingAddress) );
// add ship to address
lo_requestMessage.setShipTo(setShipToAddress(po_mdsShiToAddress));
lo_requestMessage.setPurchaseTotals( setPurchaseTotal() );
//set cc details
lo_requestMessage.setCard( setCardDetails(po_mdsCreditCard) );
Set Items and total tax calculation
lo_replyMessage = com.cybersource.ws.client.axis.soap.Client.runTransaction( lo_requestMessage, lo_cybsProperties );
A2 Application
This application connects to Motorola secured web service to fetch details of mobile hand set. It uses keystore to create ssl connection with Motorola webservice.
Code Snippet
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
 return new java.security.cert.X509Certificate[0];
 public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (Exception e) {
e.printStackTrace();
System.setProperty("javax.net.ssl.trustStore","SapWSM.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","xxxx");
System.setProperty("javax.net.ssl.keyStore","SapWSM.keystore");
System.setProperty("javax.net.ssl.keyStorePassword","xxxx");
Problem Cases :
Case 1
Step 1 : Server starts
Step 2 : User access A1 first
Step3: A1 Connects to UPS using https (It is able to connect)
Step4: A1 connects to cybersource using webservice+ssl (It is able to connect)
Step 5: Another user access A2
Step6: A2 tries connection to Motorola webservice over ssl
Result connectivity fails with description "No trusted certificate found".
Case2
Step 1 : Server starts
Step 2 : User access A2 first
Step3: A2 tries connection to Motorola webservice over ssl (It is able to connect)
Step 5: Another user access A1
Step6: A1 connects to cybersource using webservice+ssl
Result connectivity fails with description "No trusted certificate found".
Case3
Step 1 : Server starts
Step 2 : User access A2 first
Step3: A2 tries connection to Motorola webservice over ssl (It is able to connect)
Step 5: Another user access A1
Step6: A1 connects to UPS using ssl
Result connectivity fails with description "No trusted certificate found".

Hi Please answer my query it is really 
urgen
t and we are not able to run both the applications in same server

SSL connections blocking worker threads on DS 5.2 patch 4

Hi,
Is it normal for an idle SSL connection to consume a worker thread within the directory server?
We have recently enabled SSL on a number of our directory servers (5.2 patch 4) and have run into problems with the server hanging. We have a number of application servers, each opening a pool of connections to the servers via JNDI. It seems that once 30 SSL connections have been established to a give LDAP server, the server will hang. By hang I mean the server is accepting TCP connections, but not responding to LDAP requests.
The server can deal with a lot more than 30 non-ssl connections. I'm guessing that SSL connections need to maintain state, which is what is tying up the worker threads.
Is this normal, and is it docuemented anywhere? Currently I'm looking at terminating the SSL connections on a load balancer in front of the LDAP servers, or perhaps on an LDAP proxy. Any other suggestions as to how this is typically dealt with?
thanks,
R

Thank you Gautam.
On further testing yesterday, we discovered that the problem is just as you have described. Our application servers are opening an initial pool of five connections, but typically only using one of those connections. The one connection the server uses to make an LDAP request behaves 'normally', not tying up a thread on the LDAP server. The other four sit there blocking a thread each, until eventually we hit the nsslapd-threadnumber.
Based on that discovery, we're having the application changed so that its initial LDAP connection pool size is one, which appears to address the problem. That way connections are only established and added to the pool as they are required, resulting in well behaved connections to the LDAP server.
Thanks for the quick reply... The Sunsolve note is helpful, as is the info about the nsslapd-ioblocktimeout parameter.
kind regards,
R

Create outgoing SSL connections in WebLogic 4.5.1 using JSSE

Hi,
Does anyone know how to create outgoing SSL connections from a WLS 4.5.1 using
JSSE.
I've implemented an application using JSSE for POSTing data to an HTTPS server
that requires client authentication and it worked fine. But when used inside the
WebLogic server it doesn't work, because the WLS SSL classes are used instead
of the JSSE ones. It returns a "java.io.IOException: Alert: fatal handshake_failure".
If the ssl.enable property is set to false probably it will work, but I need it
set to true. Does anyone a way to solve this problem?
Thanks in advance.

Hi,
I also need to do the same in weblogic 5.1 (sp8). I know
it is not possible with JSSE, but how do I achieve with
weblogic implementation of Https? I am getting "Non
supported cipher requested" error. How do I remove this message. It will be
of great help if someone can list
down the configuration step in weblogic. I am trying
to find it in weblogic documentation but no success so far.
Thanks in advance for your help!
- Rishi
"Jerry" <[email protected]> wrote in message
news:[email protected]..
Hi Nuno,
I don't think that you can use JSSE to make outgoing SSL connections inWLS 4.5.1 because
of the many conflicts between JSSE and the WLS SSL classes
In versions of 5.1 (such as sp9 and up), and also 6.0 and 6.1, BEA gotrid of these
conflicts to make the use of JSSE possible with WebLogic to do outgoingSSL.
In 4.5.1, I believe you are out of luck.
Joe Jerry
Nuno Carvalho wrote:
Hi,
Does anyone know how to create outgoing SSL connections from a WLS 4.5.1
using
JSSE.
I've implemented an application using JSSE for POSTing data to an HTTPSserver
that requires client authentication and it worked fine. But when usedinside the
WebLogic server it doesn't work, because the WLS SSL classes are usedinstead
of the JSSE ones. It returns a "java.io.IOException: Alert: fatalhandshake_failure".
If the ssl.enable property is set to false probably it will work, but Ineed it
set to true. Does anyone a way to solve this problem?
Thanks in advance.

Mac Mini Ethernet SSL connection issues

Hi,
Up until recently I have been using my Late 2012 Mac mini with a WiFi connection. Recently though I've had reason to switch to a Gigabit Ethernet connection (short version, moved from UK to Canada, living with in-laws and they have a crappy wireless router that can't hold a stable connection for more than a few hours).
However, I'm getting a really odd Ethernet network issue where my mac will "corrupt" SSL connections. This normally manifests itself in web pages not fully downloading, images becoming corrupted, or errors when downloading files. The last one is particularly hurting as I have been doing some heavy downloading of DMG files and other installers, all of which are a 100% guaranteed fail with DMG files reporting as being corrupted if I try to open them.
I have also lost my time machine backup as OSX has reported that this has failed verification and needs to be created new; I accepted creating a new one (reluctantly) and the backup now fails to complete every time it runs - either the wireless cuts out or the SSL connection corrupts the backup.
I have a 16-port GigE Switch (Netgear GS116) with a number of computers and the home modem plugged into this.
I've tried the following to look at this:
I've tried (and tested) a number of different Cat5e and Cat6 cables. These all work fine with other Windows / Linux machines and according to my cable tester all check out. 100% of the cables I own produce the error leading me to believe that it's not a cable problem.
Problem occurs even if the switch is bypassed and the mac plugged directly into the modem.
Problem does not occur (for web pages and small downloads) when plugged into wireless - this is just sloooow and as the router seems to develop issues with DNS over WiFi, I have to reset it every few hours so long term downloads fail.
I found an article (which I have now lost the URL for) where someone suffered intermittent network issues with Ethernet that they resolved by un-checking the "Enable automatic connection" on the 802.1X page of the network settings. This appeared to help for a couple of days and I enjoyed fast Ethernet and downloads once more. However, today the problem is back in force.
I am able to download files from a windows machine (well, except for downloads via the App store) and then transfer them over the network to the mini with no problems at all - the corruption issue only seems to occur when SSL is involved.
So I'm wondering what it could be and how I would go about diagnosing the issue. I'm more familiar with Windows / Linux systems, having not owned a Mac since the days of System 7 - the mini was bought so I could play with learning XCode and try my hand at Mac software development.
Thanks in advance,
~MrBasset.
Machine specs:
Late 2012 Mac Mini running OXS Mavericks 10.9.3
2.5Ghz Intel Core i5
16GB Ram

Launch the Console application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
The title of the Console window should be All Messages. If it isn't, select
SYSTEM LOG QUERIES ▹ All Messages
from the log list on the left. If you don't see that list, select
View ▹ Show Log List
from the menu bar at the top of the screen.Click the Clear Display icon in the toolbar. Then try the action that you're having trouble with again. Select any messages that appear in the Console window. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
The log contains a vast amount of information, almost all of which is irrelevant to solving any particular problem. When posting a log extract, be selective. A few dozen lines are almost always more than enough.
Please don't indiscriminately dump thousands of lines from the log into this discussion.
Please don't post screenshots of log messages—post the text.
Some private information, such as your name, may appear in the log. Anonymize before posting.

Permanent SSL connection in background (own poll/push service)

Hello
I’m new here and I will first say hello! I'm 46 years old and I am from Germany. I work as an software developer since 1993 and I know, my English isn't the best ;-)!
Now to my questions:
I have written a client Server application which is a secure and real time (< 5 sec) alert system. At the moment the clients can be a PC (Windows, Linux or Mac) or an Android Smartphone.
The App’s have all a permanent SSL connection to the server.
So, if one client send an alert, the server can send this alert to all specified clients which are online.
Also the server can send alerts to specified client, if the count of online clients is under a specified number.
So my customers have a very high security, that in case of a fault, very fast enough employers received the alert!
Now it is on me, to create an I-Phone APP witch work as a client on this system.
I read now many documents, how can I set up a permanent SSL connection in the I-Phone APP as a background task and if I understand it right, than this is not possible.
For that functionality the Apple push service is normally used, but in case of my application there is a problem, because an Apple push notification has no guaranty about the running time.
As far as I read multitasking background function are not for network activity’s (without the APS)
Have someone an idea how can I solve my problem?
Thanks Aki

Hi etresoft,
thanks again, I'm happy that I found here so fast help.
Have you any link to a dokument, how does IOS support keep alive in a multitasking background task, I didn't find anything (maybe I searche with the wrong words)?
The main reason, why I can't use the Apple push notification service is, that then my server dosen't know, who is online and receiveable!
The second is, that I can't start die APP direct, when the IPhone is in look modus (in Android the APP has is own look screen and speak the mesage after the alert sound!).
And the third, that I dosen't know (have a garrenty), how long the message need to be displayed on the phone.
That this application drain battery is clear! On Android it is tolerable (round about 10% more or instead of 30h, 27h battery live time on my device).
For my customer 20h battery livetime, will be enought, because the divices are recharged every night.
Regards Aki

Multi SSL connections in one application

Similar Messages

Maybe you are looking for