Non SSL website on port 443
Hi, I have a non-SSL website running on port 443. When I access this website using Chrome or IE it works just fine, but Firefox can't seem to accept what I have done. All browsers on the same machine and using the same web proxy.
I access the website as http://xyz:443.
Just a bit of background info as to why I need this. Where I work I can only access ports 443 and 80 via the web proxy. I have two distinct websites running on a couple of devices at home behind a very config-wise limited router which has ports 80 and 443 redirected to these hosts. There is no way for me to setup two port forward rules on port 80 to two different devices. I cannot setup SSL on either of the websites.
Regardless of options that could exist to overcome my particular issue, I would like to check if you guys know how to make Firefox work with a website running on port 443 whilst not having a certificate assigned to it.
Firefox 32.0.3
Error message:
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
What type of ssl are you running? [https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/]
You can somehow remove the Strict-Transport-Security header or if there is a feature that forced encryption but by default https uses 443 for encryption. I do not know if this is possible.
Similar Messages
-
How to Direct open Website link to https: ( port 443)
In my web server i host website on port 443 using SSl certificate. when my user try to access this website they nee to put manually address like https://siteneme..? how to open this website direct without type https
You can configure a redirection from http to https so that when the user types www.contoso.com it will get redirected to https://www.contoso.com.
You can do that on your load balancer if you are using one or on the Website configuration.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password -
Bulk changing all websites from SSL to non-SSL (443 to 80)
While I was cleaning up my Mountain Lion Server, I innocently updated some SSL server certificates.
Shortly afterwards, I found that ALL my HTTP (80) sites didn't work. I went into the Server.app and found that ALL my sites were now using port 443, rather than the port 80 that they were running on.
Since I have over 100 sites, I need to know how to BULK update them back by removing the certificate they were assigned when I updated that specific cert.
How did I update the certificate? I was looking at the Alerts section of the Server.app, that told me that some were expiring. There was a Replace button and that's what I clicked. I was never warned that it would change ALL my sites from having NO certificate to the certification that I replaced.
Any ideas on how to resolve this issue quickly, without having to open up EACH site and change the certification to NONE (and thus changing the port back to 80)?There's no bulk update via the GUI [1], which leaves shutting off Server.app and mass-editing the Apache data.
For a bulk change of 443 to 80, something like this should get you started.
FWIW, Do also confirm whether the port 80 sites are still around in the configuration data, as some web browsers are now selecting 443 whenever that's available.
[1] Yes, I'm probably ignoring scripting via AppleScript here. If I have to script something, it'll be the Apache data and not the GUI, and using bash, Python or other such and likely not AppleScript. Local preference. -
Custom sig: Non-SSL over SSL port
I am trying to build a custom signature for detecting non-SSL traffic on a specific SSL port (let's say tcp/443). This has to do with CONNECT tunnels through an HTTP proxy. Conceptually, it's not a complicated idea. Whether or not it can technically be done effectively with the Cisco IPS I don't know.
It seems that very early in every SSL connection, there is an SSL "client hello" message(SYN,SYN/ACK,ACK,CLIENT HELLO). There are two relevant record formats, SSLv2 and SSLv2/TLS. I would like to create a signature that fires when it DOES NOT see the client hello message very early in a given TCP session. I would want the signature to only need to check the very first n packets of any given TCP session (n = max size of connection establishment + max size of client hello packet). Has anyone created such a beast or willing to help? Here are a couple packets.
SSLv3 Client Hello
0000 00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 ..^..g.....]..E.
0010 00 8e 33 b8 40 00 3e 06 94 16 ce c3 c3 6c 40 22 ..3.@.>......l@"
0020 a2 49 58 27 01 bb b7 42 c6 92 fd 36 a3 d1 50 18 .IX'...B...6..P.
0030 44 70 08 e2 00 00 16 03 00 00 61 01 00 00 5d 03 Dp........a...].
0040 00 44 5f 9a 77 69 49 5a 85 52 a0 96 38 b3 b4 15 .D_.wiIZ.R..8...
0050 8f db f2 0f c9 0e ea 10 f5 69 39 8c 58 87 e5 33 .........i9.X..3
0060 70 20 ba 06 1e 3f d4 4e 3c d0 de a8 ea 4e a3 7f p ...?.N<....N..
0070 0f 07 fd 5f 88 07 17 ef 50 ce 6b cf 10 e3 84 99 ..._....P.k.....
0080 04 a2 00 16 00 04 00 05 00 0a 00 09 00 64 00 62 .............d.b
0090 00 03 00 06 00 13 00 12 00 63 01 00 .........c..
TLSv1 Client Hello
0000 00 0f 20 6c 99 8b 00 a0 8e 82 c4 c1 08 00 45 00 .. l..........E.
0010 00 96 a2 89 40 00 7f 06 32 b3 ce c3 c2 29 ce c3 [email protected]....)..
0020 c6 74 0d 13 01 bb 38 17 d5 89 98 0f fc 73 50 18 .t....8......sP.
0030 44 70 6c 75 00 00 16 03 01 00 69 01 00 00 65 03 Dplu......i...e.
0040 01 44 5f 9a 84 8a 94 ab f3 78 e7 b1 c9 ca 04 34 .D_......x.....4
0050 3b 95 1b 86 51 05 5f ac 9d a0 b0 69 fe 0c 27 e5 ;...Q._....i..'.
0060 9c 20 78 08 00 00 ce c3 c2 29 58 58 58 58 58 58 . x......)XXXXXX
0070 58 58 58 58 58 58 58 58 58 58 48 9a 5f 44 8c 4b XXXXXXXXXXH._D.K
0080 05 00 00 1e 00 04 00 05 00 2f 00 33 00 32 00 0a ........./.3.2..
0090 00 16 00 13 00 09 00 15 00 12 00 03 00 08 00 14 ................
00a0 00 11 01 00 ....
SSLv2 Client Hello
0000 00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 ..^..g.....]..E.
0010 00 82 fb a7 40 00 3e 06 cf 32 ce c3 c3 6c 9f 35 ....@.>..2...l.5
0020 40 36 58 6d 01 bb b7 78 06 1b cd e2 e2 3d 80 18 @6Xm...x.....=..
0030 44 70 47 6b 00 00 01 01 08 0a 31 fd f9 51 00 00 DpGk......1..Q..
0040 00 00 80 4c 01 03 00 00 33 00 00 00 10 00 00 04 ...L....3.......
0050 00 00 05 00 00 0a 01 00 80 07 00 c0 03 00 80 00 ................
0060 00 09 06 00 40 00 00 64 00 00 62 00 00 03 00 00 [email protected].....
0070 06 02 00 80 04 00 80 00 00 13 00 00 12 00 00 63 ...............c
0080 7b af 57 75 f8 a9 72 54 23 29 32 50 bf ef 1e a9 {.Wu..rT#)2P....Hi mhellman:
I can see 3 difficulties with this kind of sign.
1) To determine the order of the packets.
2) To determine that happen at the very begining of the conection
3) fire when the traffic doesn't match with the signature.
The difficulty number 3, I think, is imposible to resolve because the sensor can compare the trafic with a well defined pattern and fire when it match, but not when it doen't.
The difficult number 2
You need a kind of state signature because this can be classified like a machine state (first three way handshake, then hello packet) but I can't see fields in the state engine that help in this case.
The difficult number 1 could be resolved by a Meta signature.
You will need to create an a custom atomic signature for the syn packet, another for the syn ack, another to ack, and the last one for hellow packet.
Then create a meta signature and add the fourth atomic singatures whith a strict order.
but guess what...
Meta signature doesn't permit custom signatures.
I think this kind of signature is imposible to write.
But I'd try.
Regards
Alberto Giorgi from spain. -
Non-root user can't start Apache on port 443
Today I've been attempting to get SSL working for my Oracle Applications 11i (11.5.10.2) installation and I just hit a small problem. I've followed all of the Oracle literature I've come across, which instructed me to create a new (non-root) user to own the database tier and the applications tier. I've also followed the instructions for configuring SSL ([Doc 123718.1|https://metalink2.oracle.com/metalink/plsql/f?p=130:14:6976756808231635106::::p14_database_id,p14_docid,p14_show_header,p14_show_help,p14_black_frame,p14_font:NOT,123718.1,1,1,1,helvetica]) and the SSL wizard in OAM defaults to the standard HTTPS port (443). However, because 443 is a privileged port, a non-root user cannot bind to it. In other words, the Oracle literature itself has led me to an impossible situation. This is what I see in the Apache error log:
[Fri May 15 15:05:03 2009] [crit] (13)Permission denied: make_sock: could not bind to port 443
At this point, I see two choices:
1. Run the application tier services as root.
2. Change the SSL port to something greater than 1024 (i.e. 4443).
I'm leaning towards option #2, since option #1 negates the advantage of using a non-root user to begin with. Does anyone have any other suggestions? Does Oracle have any recommendations for this scenario?Hi,
You just need to start Apache as root (not all the application services). For Option 1, the application tier files should be owned by applmgr/oracle user (not root), and for Option 2, you do not need to change the port (though it is valid option). Just follow the steps in the following document.
Note: 356080.1 - How to run Apache on Port 80 in Apps 11i
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=356080.1
BTW, this is mentioned in the document "if you have chosen port 443 (or any port under 1024) for your SSL port, you will have to start Apache as root".
Regards,
Hussein -
BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
advised to change to port 444 because it conflicts with Apache on the
server. Do my users need to type :444 when they authenticate or is this
change will be transparent to them? Also, one of our NetAdmins indicates
we are not running Apache...
Please provide me with more info. on this issue.
Thank you in advance for your helpIs wrote:
> BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
> advised to change to port 444 because it conflicts with Apache on the
> server. Do my users need to type :444 when they authenticate or is this
> change will be transparent to them?
I assume you're referring to proxy authentication, where the user enters
credentials in the browser to gain access to the proxy. In this case the
BM server automatically redirects users to the port 444 URL... they
don't type it in. Thus, the port the proxy listens on for SSL
*authentication* requests doesn't matter much, as long as it doesn't
conflict with other services running on the server.
Jim
Support Sysop -
Error with default SSL port (443) on Solaris
Hi all
I would like to config default SSL port 443 on Solaris but I found this error. What is the problem?
I use WebLogic 8.1 sp3
SSL port : 443
Unable to create a server socket on Channel Default for port: 443. java.net.BindException: Permission denied Perhaps another process is using port 443
I dont sure about permission. How can I do?Oh I can use root start weblogic and I can use 443 port, but when I use other users. I can't use 443 port
-
How do i temporarily disable TLS/SSL port 443 going to server on CSS
We are having issues with truncating packets that go through the CSS
I did a capture after the CSS and there is truncation............however i cant read it before the since everything is encrypted.
They hit vip address 172.20.120.16. on the CSS and get redirected to 2 servers depening on what the url says
They server team would like to turn it off just to test..i tried removing
"add service ARR-public-ssl" from the contetn below and we lost http and https to the server
so in essence i want to try and turn the 443 connection to a port 80---than it goes to port 7777 backend to 172.20.212.6
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
ssl-server 40
ssl-server 40 rsacert byetest
ssl-server 40 vip address 172.20.120.16
ssl-server 40 cipher rsa-with-rc4-128-sha 172.20.120.17 80
ssl-server 40 cipher rsa-with-rc4-128-md5 172.20.120.17 80
ssl-server 40 urlrewrite 1 *
ssl-server 40 cipher rsa-with-3des-ede-cbc-sha 172.20.120.17 80
ssl-server 40 rsakey byekey
backend-server 50
backend-server 50 type initiation
backend-server 50 server-ip 69.xxx.xxx.xxx
backend-server 50 ip address 69.xxx.181.xxx
backend-server 50 rsacert byetest
backend-server 50 rsakey byekey
active
!************************** SERVICE **************************
service TIE-SSLINIT
protocol tcp
ip address 69.xxx.xxx.xxx
keepalive type tcp
keepalive port 443
slot 2
type ssl-init
add ssl-proxy-list HR-SSL
active
owner PublicBYE
content BYE-WEB-ARRR
vip address 172.20.120.17
protocol tcp
port 80
url "/arr*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BY-WEB-TIX
protocol tcp
port 80
url "/tix*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web2
vip address 172.20.120.17
active
content BYE-WEB-TIX-CLEARTEXT
add service TIX-SSLINIT
vip address 172.20.120.19
protocol tcp
port 80
active
content BYE-WEB-Nav
vip address 172.20.120.17
protocol tcp
port 80
url "/na*"
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
service BYE-ds-web1-ssl
ip address 172.20.212.5
port 443
keepalive type ssl
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYEos-web2-ssl
ip address 172.20.212.6
port 443
keepalive type ssl
activeCSS11506# sh ver
Version: sg0810205 (08.10.2.05)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.10.2.05
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
Secure Management
Yeah..if done a packet trace before it hits the CSS and after......the only issue is that everything is engrypted before it hits the LB so i cant really read anythign....i did a pacet trace after the LB and on the Server itself its seems we get this
I thought i saw some bug info from cisco but i cant tell if its related
CSCsx05640—When you configure the CSS for a Layer 5 (L5) content rule and it receives an HTTP method POST with the HTTP header in one packet that is quickly followed by many packets of POST data or payload, it could fail to deliver all the data to the back-end server. The CSS Flow Manager (FM) application could incorrectly handle the POST and the data packet as a spanned content request and could cause the data to be mishandled. Workaround: Use less than 1-Gb connections in the network; a 100-Mb link does not exhibit this issue.
As you can see after the content-length..........nothing comes across........sometimes addtional stuff will come in ...but usually nothing
Is there a bug related to this on the CSS?
POST /TIXX/DocumentRepository_Service HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="urn:ihe:iti:2007:ProvideAndRegisterDocumentSet-b"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: www.xxxxxxxxxxxx.net
Content-Length: 9044 -
IP Virtual Host w/SSL serving on port 80 and 443
We have an OS 10.3.8 system and we've configured several virtual hosts using the system admin panel. One IP has several hosts on it. We have a seperate IP with one virtual host on it since it is running SSL. I have it configured for port 443 and I have all the security certificates installed OK. The site operates correctly over HTTPs. If I try to access it with standard HTTP I get a service not available error (which makes sense since server admin sets the config files to port 443 ... not 80).
The only way I can get it to work is to add another virual host in server admin running on that IP at port 80. Unfortunately, that means it will be logged seperately (which I don't really want it to do). What do I need to change to get a single virtual host on a specific IP to respond correctly to both 443 and 80 using the file layout generated by server admin (I can modify them manually)?
Thanks in advance ...
Tom>The only way I can get it to work is to add another virual host in server admin running on that IP at port 80.
That's correct. That's how you run a site as both HTTP and HTTPS - they're two sites.
> Unfortunately, that means it will be logged seperately
Why? You can set both sites to use the same log file and their hits will be combined in a single file.
> What do I need to change to get a single virtual host on a specific IP to respond correctly to both 443 and 80 using the file layout generated by server admin (I can modify them manually)?
You can't, but if your issue is the logging, my answer above should take care of that. -
Port 443 used by another web site
All was working well with my evaluation of 2012E. I was able to log on the the access anywhere website. Now the service stopped working and if I try to start the "default website" I get an error message that another website may be using port 443
and it will not start. I checked the bindings on all the stock sites and none used 443 except the default site. I am able to vpn to the server with no issues. I tried messing with the Cert and that did not help. I have probably tweaked things trying to fix
it that has made it worse. I can see nothing else using 443. I read about the folder share issue but the service is not on the service list. I would like to be able to turn back the clock but that option is not available.
Thanks, CkshanIn PowerShell run this:
Import-Module WebAdministration
Get-ChildItem IIS:\Sites
Post back the result.
Robert Pearman SBS MVP
itauthority.co.uk |
Title(Required)
Facebook |
Twitter |
Linked in |
Google+ -
Is it possible to run iSQL*Plus only using Port 443/SSL? I receive the following
error whenever I do not listen for port 80 connections:
[Mon Sep 16 13:29:58 2002] [emerg] OPM: Could not find a valid non-ssl LISTEN ip
and port. The whole process exits.
[Mon Sep 16 13:29:58 2002] [alert] (2)No such file or directory: FastCGI: read()
from pipe failed (0)
[Mon Sep 16 13:29:58 2002] [alert] (2)No such file or directory: FastCGI: the PM
is shutting down, Apache seems to have disappeared - byeAlison,
Thanks for the reply. I think that the httpd.conf file is saying if you want both
types of connections (http and https) you have to listen for both types of connections.
We have other Apache web servers here that only allow https/port 443 connections and
only listen for those type of connections.
Maybe I should have asked my question a different way, is it possible configure
iSQL*Plus via the httpd.conf file (and other .conf files) so that FastCGI will
work with SSL connections? If not, is there a way to configure everything so that
the only non-SSL connections are between FastCGI and iSQL*Plus (i.e., no users can
connect to the web server without using and SSL connection)?
Again, thanks for your help.
Cecil,
After reading the httpd.conf (web server config file), I found this:
# Port: The port to which the standalone server listens. Certain firewall
# products must be configured before Apache can listen to a specific port.
# Other running httpd servers will also interfere with this port. Disable
# all firewall, security, and other services if you encounter problems.
# To help diagnose problems use the Windows NT command NETSTAT -a
Port 7778
## SSL Support
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
Listen 7778
Listen 4443
It looks like you have to listen on a default port, as well as on an https port. iSQL*Plus doesn't actually care which port it is being called from as it is one step removed and has it's own (different) port connection to the web server.
Perhaps this is a question to research from the web server (essentially Apache) point of view? You could try the usenet newsgroups, the Metalink web site, or you could call Oracle Support.
Alison -
Mutiple servers using port 443
Hi,
I am looking to set up several websites that utilise port 443 for SSL
behind
my firewall.
I understand that the reverse proxy in BM will only forward from port
443 to
port 443.
As I only have one public IP address I was looking to use ports such
as
51443, 52443 and redirect to port 443 on the various internal servers.
Is this possible using the generic TCP proxy or is there another way
of
doing this I am using BM 3.6
All suggestions gratefully rec'd
Davidpresumably if that failed I could use a hardware firewall such as a
cisco
PIX to do the job.
set up some sort of DMZ and put the servers in there.
"Craig Johnson" <[email protected]> wrote in message
news:[email protected]..
> In article <skPnb.461$[email protected]>, David
> Quickfall wrote:
> > Is this possible using the generic TCP proxy or is there another
way of
> > doing this I am using BM 3.6
> >
> Generic proxy will work fine, (and in fact it probably works better
than
> using reverse proxy for 443). Set up one generic proxy for each
port.
>
> I don't know if you can successfully use the port translation
ability of
> generic proxy here. (Proxy port 444 to 443). I don't think that
works
> for SSL.
>
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on
> BorderManager, go to http://www.craigjconsulting.com ***
> -
The attempt to connect to the server (IP address) on port 443 failed - OLT
Hi all
I am facing one problem, if i run load to any application for 100 users for 1 iteration then it is not showing any error. Lets say i ran the load of 100 users for one hour then for some users there are errors like
Line: (script.java:84)][ScriptException]: The attempt to connect to the server (IP address) on port 443 failed.
And my understanding is the user's which are facing failures is not able to get response or page loaded at their end. As failures are occuring for some particular steps not the entire scenario. Pls confirm.
ThanksI believe that's an indication that there is an error receiving mail, but if you have any drafts or email in your outgoing mailbox, try deleting them. Apple's troubleshooting steps for this are (from http://support.apple.com/kb/TS4002):
Cannot receive mail in OS X Mail
If you use OS X Mail, look at the name of your iCloud account on the left side of the main Mail window. If your iCloud account name is dim and has a lightning bolt next to it, your account is offline. To resolve this, make sure your computer is connected to the Internet. Then choose Go Online from the Mailbox menu.
If taking your iCloud account online doesn't resolve the issue, follow these steps:
From the Mail menu, choose Preferences.
In the Preferences window, click the Accounts tab if it is not already selected.
In the Accounts list, select your iCloud email address.
Click the Account Information tab.
Verify your SMTP server settings with the following information:
Incoming Mail Server: imap.mail.me.com
User Name: Your iCloud email address
Password: Your iCloud password
Click the Advanced tab and verify the following additional settings:
Port: 993
Use Secure Sockets Layer (SSL): Should be enabled
Authentication: Password -
Session Cookies Being Overwritten Browsing From SSL to Non SSL
I have created a bug report for this issue as well.
Please note I am using J2EE session variables so keep that in mind.
I am seeing session cookies being overwritten when browsing from an SSL connection to a non SSL connection.
For example:
Visiting https://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Encrypted connections only".
Visiting http://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Any type of connection".
Here's the problem:
Say for example, you're logging into an admin module located at https://www.domain.com/admin/. Once authenticated and some session variables are set, you browse to http://www.domain.com/. When that happens your session cookie (JSESSIONID) is overwritten with a new value and you instantly lose your authentication in the admin module.
Obviously this is causing massive problems for my clients that bounce back and forth from SSL to non SSL connections which is common for e-commerce websites.
Steps to Reproduce:
1. Clear your cookies.
2. Visit a web page such as https://www.domain.com/. Note the JSESSIONID cookie value.
3. Visit a web page such as http://www.domain.com/. Note the JSESSIONID cookie value and how it was overwritten.
This behavior changed in ColdFusion 10. ColdFusion 9 did not overwrite the session cookie.
Has anyone else experience this?Deleting and re-adding my account seems to have fixed it. I think when I initially added my Google Talk account, it was by using the "Add Jabber Account" under 10.6 or something. Now, when I re-added my account, I notice both "Google Talk" and "Jabber" are options, so my thought here is that Jabber and Google Talk options are no longer quite the same thing.
-
Move from NON-SSL to SSL (OAS 9.0.4.1)
We installed OAS 9.0.4.1 (two Midtier and 1 Infst).
We have Application based on forms. We installed and configure OAS default like non-ssl and forms using port 7778. Now we need to use SSL.
If somebody give me detail what should be done?
Actually, what I did
1. I stop midtier Using EM.
2. I modified httpd.conf file changed only "Listen from 7778 to 4445" I didn't change port.
3. Run dcmctl updateconfig -ct ohs
4. start midtier using EM.
I can run forms using //http:localhost:4445/forms90/f90servlet? -succesufully
but My portal is not available. Did I miss something?
Please help. It is emergency we need to go to PROD.
ThanksI started from beginning install again OAS 9.0.4 and followed instruction in
whitepaper in the Internet deployment section titled "Oracle Forms 10g - Configuring Security with SSL ".
Everything was goung okay until last peice run test form using ssl -- https
I have error
java.io.IOException: javax.net.ssl.SSLException: Failed set trust point in ssl context
at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
at oracle.jre.protocol.jar.HttpUtils.followRedirects(Unknown Source)
at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
at oracle.jre.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at oracle.jre.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
at sun.misc.URLClassPath$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath.getLoader(Unknown Source)
at sun.misc.URLClassPath.getLoader(Unknown Source)
at sun.misc.URLClassPath.getResource(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
WARNING: Unable to cache https://houorcl324.corp.kbr.com:4444/forms90/java/f90all_jinit.jar
load: class oracle.forms.engine.Main not found.
java.lang.ClassNotFoundException: java.io.IOException: javax.net.ssl.SSLException: Failed set trust point in ssl context
at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.applet.AppletClassLoader.getBytes(Unknown Source)
at sun.applet.AppletClassLoader.access$100(Unknown Source)
at sun.applet.AppletClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Do I need SSL webcache too? It was not in instruction
please help
Maybe you are looking for
-
Would like to know how old my system is
Hi, I just bought my mac, I am having trouble finding things that are compatible with it on the internet, aka downloads, magic jack, and so on. I was at the apple store in Des Moines, Iowa at Jordan Creek Town-center this past week and they told me t
-
I am trying to update my iphone 3Gs for the IOS 5
Please help! I am trying to update my IPhone 3GS to the new update ios5 and it has downloaded and its now stuck on the Backing up Iphone bit and its been there since 3:00pm today and still wont go away, I have stopped it once due to thinking the com
-
Which do I install first?
OK, I'm giving up on ever getting one of my photos in Elements 8.0 to appear in the CS5 Editor. I used to be able to do this on my old computer, which used XP, but cannot do this in my new computer, which uses Windows 7. I currently have Elements 8 a
-
Disk Utility Reporting Hardware Failure on Mac HD- Not Repairable
Hi! Looks like my hard drive is toast on my 24" aluminum case 24" imac. NOT under warranty although I bought it in Jan 09. DU reporting Mac HD in RED with message...'disk utility has detected hardware problem which cannot be repaired'. Ok. Will a sim
-
TPC2006 keyboard doesn't appear
Hello I have two questions, 1. I'm workin with TCP2006 and I'm trying to open the keyboard but it's doesn't appear. I did everything the manual said but it wasn't succesfull.... I suppose that tha keyboard is out of the panel, if so how can I see it