OHS Proxypass with SSL (https) issue.

Hi,
I have OHS setup as webserver which is protected by Webgate.
After the Federation authentication, I proxypass to a load balancer url having SSL.
If I proxy to regular http url of the server, it works fine but if I proxy to https load balancer url, it doesn't work.
I see the following error in OHS error log.
proxy: No protocol handler was valid for the URL /ofsso. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
File does not exist: /opt/oim/ohs/Apache/Apache/htdocs/favicon.ico
Please help on what I am doing wrong. I did not create any new certificate, just using the default.
<IfModule mod_ossl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:logs\ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex sem
SSLLog logs\ssl_engine_log
SSLLogLevel warn
<VirtualHost default:443>
          # General setup for the virtual host
          DocumentRoot "/opt/oim/ohs/Apache/Apache/htdocs"
          ServerName server
          ServerAdmin [email protected]
          ErrorLog logs/error_log
          TransferLog "logs/access_log"
          Port 443
          SSLEngine on
          SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_DES_CBC_SHA:SSL_RSA_EXPORT_WITH_RC4_40_MD5:SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
          SSLWallet file:/opt/oim/ohs/Apache/Apache/conf/ssl.wlt
          #SSLWalletPassword <wallet-password >
          #SSLCARevocationPath conf\ssl.crl
          SSLVerifyClient require
          SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire
<Files ~ "\.(cgi|shtml)$">
     SSLOptions +StdEnvVars
</Files>
<Directory cgi-bin>
SSLOptions +StdEnvVars
</Directory>
          SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
          CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
ProxyRequests On
Listen 443
</IfModule>
<IfModule mod_proxy.c>
ProxyRequests On
<Directory *>
Order Allow,Deny
Allow From all
</Directory>
ProxyVia Full
#ProxyPass / http://portal.domain.com:80/
#ProxyPassReverse / http://portal.domain.com:80/
ProxyPass / https://f5.domain.com:443/
ProxyPassReverse / https://f5.domain.com:443/
</IfModule>
Edited by: pkoracle on Jun 1, 2009 10:21 AM

Hi,
I have the same problem. Were you able to resolve this?
Regards,
Rajesh K Ilango

Similar Messages

  • Error in scenario "FILE to HTTP(with SSL)" - HTTP client code 110 reason.

    Hi friends,
    Our scenario is as follows:
    We are trying to send XML file from our SAP-XI to external tool "COMMunix XC" (a multi-protocol EDI platform tool).
    We have configured " FILE TO HTTP(with SSL)" scenario (trying to connect HTTPS/port)
    1. We have created RFC destination of type G and referred the same RFC in Communication channel (Adapter type: HTTP)
    2. We have sent the SSL Server certificate to the other party and ensured that they have imported it at their end.
    3. We have included the certificates from other party in our SAP XI STRUST under SSL Client (Standard) node.
    4. We have tried " CONNECTION TEST " in the RFC destination created in type G (in STEP 1) and it shows the GREEN TICK at bottom, no other message nor any error message
    When we trigger the communication we receive the error: HTTP client code 110 reason in SXMB_MONI.
    Please let us know if we have missed out some step.
    What does the error message indicate?
    Regards,
    Rehan

    Hi Rehan,
    I see that the PROCTIMEOUT was already at a very high value.
    Does this occur for messages of a particularly large size?  If yes, you could increase the parameter
       icm/HTTP/max_request_size_KB = 2097152
    This would need to be done in the sender/receiver system as well as XI.
    Otherwise you could try reproducing the issue and checking the dev_icm log in the work directory, or go to SMICM -> Goto -> Display trace file
    check for errors like NIECONN_REFUSED or "no service for protocol HTTPS" which can often be related to this type of issue.
    Kind regards,
    Sarah

  • Crystal Reports export and print fails with SSL / https but works with http

    Windows 2008 Server, 32-bit (IIS7)
    ASP.NET 2.0
    Ajax 1.0
    Crystal Reports version 10.5.3700.0
    http:  printing works, export works
    https:  printing not working, only export to MS Excel and MS Word work.
    I am able to generate reports using both http and https, and the toolbar icons are all showing.  However, I am unable to print or export properly with SSL.
    Printing prompts me with a select printer window, and then a window 'Retrieving Page 1' followed by two messages from Crystal Print Control both stating:
    A communication error occured.  Printing will be stopped.
    Exporting generates various errors depending on which export method is being selected (however Excel and Word work over https).
    I've found the same problem on this site and other forums, but never a resolution to get exporting and printing to work with SSL.  Will someone please provide me assistance or possibly relay what settings they're using if they have Crystal Reports export or printing working over SSL in IIS7?  Everything works fine when I change the address from https to http.
    Please let me know if I can help by providing further information.  We've gone through a great deal of possible solutions with code and I'm currently looking in to IIS settings again.
    Thank you.

    Thanks Ludek. I got it by searching KB number.
    Unfortunately, it didn’t fix my problem even though my IE (IE8 and IE 9) has the correct setting. I double-checked my version. PrintControl.CAB is version 10.2.0.1146. We use VS 2005 Crystal report and VB .NET. It works fine on HTTP. But when we use HTTPS (SSL Certificate from go daddy).
    1: Crystal report export
                Export to MS Excel, Word: pops up “File download”, then click “Save”. It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
                Export to RPt, Rich text format: It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
                Export to PDF : nothing happened.
    2: Print:
                Pops up a dialog to select printer, click “Print”. It shows the window “Crystal Report Viewer” and pops up an error message box. Title is “Crystal Print Control”. Message is “An communication error occurred. Printing will be stopped”. Click “OK” and the error message box pops up again.
    Please advise.
    Thank you very much!

  • Securing Portal with SSL/https

    Has anyone successfully setup oracle portal 9.0.2 on solaris running all over secure sockets for both login/server and portal ?
    I've followed the OTN documentation but I'm still having problems with getting portal to work with https.
    It's driving me insane!! please help with any suggestions.
    Kind Regards
    Neil

    Hi,
    We did the following steps and it is working :)
    Assuming that HTTPS is correctly working and without security aspects.
    Assuming that the HTTPS is 443
    1) configure Webcache to work on port 443 and link it to the 4444 port of Apache
    1) configure SSO
    I directly change in WWSEC_ENABLER_CONFIG_INFO$ LS_LOGIN_URL to the https URL
    the LSNR_TOKEN has to be like 'myhost' and not 'myhost:port'
    2) Login to SSO and update the HOME, SUCCESS and CANCEL URL of SSO
    to https
    3) register mod_osso against the new SSO Server
    4) register the portal using ptlasst
    (if possible remove the already installed portal)
    beware You might have big trouble with groups you have created.
    5) Add in ORACLE_HOME\j2ee\OC4J_Portal\applications\portal\WEB-INF\web.xml
    <init-param>
    <param-name>httpsports</param-name>
    <param-value>443:4444</param-value>
    </init-param>
    That is it !!!!
    You have also to protect some URL with SSL and
    to redefine some virtual path
    The best test is to stop WebCache listening on the http port
    Have fun
    Philippe Camelio
    SysAdmin

  • Applet with SSL Performance Issue

    Hi All,
    I tried posting this in the general java forum but I think it's more relevant in the Applet section. I have a program where JavaScript invokes an Applet which uses PrintService to retrieve a list of all the printers on the network and returns that string, the JS then does something with that String. The problem I'm seeing is that when a user tests this functionality without SSL enabled there are no issues. However, with SSL enabled, the first invocation of this functionality is successful but the second invocation always causes the CPU to spike to 50%. Any ideas what's happening here? Why is it spiking on the second call to this applet? Workarounds? Would it be possible to retrieve a list of printers directly with JS?
    Thanks for your feedback.
    Message was edited by:
    javajiggs

    what do you mean the sniffer trace is normal ?
    Do you have the decrypted trace ?
    It's important to know if the server sent an error message, or if the css corrupted the server response.
    This should be seen in the trace.
    Also, is the same client always having issue ?
    Is it the only one ?
    Can this client browse different webpages ?
    Gilles.

  • SOAP Sender with HTTP(with SSL)=HTTPS with Client Authentication config

    Hi All,
    I have a Web-service-XI-Proxy scenario where we use SOAP Sender Adapter with HTTPS. Double authentication (client-server) certificate shall be used.
    Testing simple HTTP and XI user name/password works fine.
    Now I installed the required certificates in TrustedCA and ssl-provider in Visualadmin.
    But I can't see how I can configure certificates in the SOAP sender Adapter. I've just done a SOAP receiver for another scenario and there I could give a keystore entry.
    I also don't know how to disable asking for name/password. I am using XI 7.0.
    Please advise.
    Thanks,
    Nataliya

    Hi Nataliya,
    Go to SOAP Adapter> Inbound Security Checks-> HTTP Security Level--> Here you can specify the option "HTTP with Client Authentication".
    One more thing HTTP Security level option is always available in Sender Adapter.
    For more clarity about HTTPS find below link.
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
    To enable the TrustedCA in SOAP Sender adapter. Go SOAP Sender> Security Parameter> Security Profile--> Web Service
    security. Then go to sender agreement there you need to give key store entry.

  • Calling web service with SSL (HTTPS) hangs client stub

    If anyone can help it would make my day! I've spent way too much time on this!!!
    I'm running:
    - Web service is running on Linux RedHat with Oracle9iAS 9.0.3
    - Client is running from Windows XP under Jdeveloper
    I've successfully installed and run the web security demo "ws_security" at http://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_security.jar.
    This demo goes through installing the web service, certificates, etc... and the demo runs fine. I'm also able to connect to the web service from a browser using https://server1:4443/CreditCardValidator/CreditCardValidator. I can download the proxy, look at the WSDL, etc...
    Now I've written my own very simple stateless java class web service, deployed it to 9iAS , and then downloaded the proxy stub jar. Using the proxy stub I can call my web service and everything works fine.
    Then I configure the web service to use HTTPS by making the following changes to the proxy stub (per the ws_security demo).
    1) Copy the following 5 lines to the proxy stub
    System.setProperty("ssl.SocketFactory.provider","oracle.security.ssl.OracleSSLSocketFactoryImpl");
    System.setProperty("ssl.ServerSocketFactory.provider","oracle.security.ssl.OracleSSLServerSocketFactoryImpl");
    System.setProperty("java.protocol.handler.pkgs","HTTPClient");
    System.setProperty("oracle.wallet.location","C:\\Data\\Oracle\\WALLETS\\ws_security\\wallet.txt");
    System.setProperty("oracle.wallet.password","thewalletpassword");
    2) modify the "m_soapURL" by changing "http" to "https" and the port number to 4443
    3) add the following 3 jar files to my projects library class list:
    C:\Program Files\jdev9031\jlib\jssl-1_2.jar
    C:\Program Files\jdev9031\jdk\jre\lib\ext\jcert.jar
    C:\Program Files\jdev9031\lib\jsse.jar;C:\Program Files\jdev9031\jlib\javax-ssl-1_2.jar
    When I run the proxy stub it just hangs. I've traced the hang to the "Response response = call.invoke(new URL(m_soapURL), soapActionURI);" statement in the "makeSOAPCallRPC" method in the proxy stub.
    Again, this works fine if I simply change the "m_soapURL" to use "http" instead of "https". It looks like it's hanging on the client side and the call is never making it to the server.
    Any help is GREATLY appreciated!!!!!

    Could you explain it a little more, please.
    Since my first message, I used the wallet manager to add the certificate the server where the web service is at, uses.
    What else do I need to make it work??
    Thanks in advance again.

  • Need basic info how to run my servlet with SSL/http (I am using Tomcat 4.0.

    I have a servlet that gets a user id and password
    and query information from an HTML form
    and then writes back the answer to the query as a new web page. We want to
    make the transaction secure because it is customer confidential information.
    What do I need to do in my servlet to get it to run under SSL?
    (I am using Apache Tomcat 4.0 on WinNT and
    can use either JDK 1.2.2 or 1.3.1....)
    I know this is a very basic question, but what I'm reading does not
    make it clear to me what I have to do to my servlet code to use SSL, or
    whether the server and client do all the work "outside" my
    servlet code so that no changes to the servlet would be required(???).
    Can I use Tomcat 4.0 for SSL? Any help getting my head pointed in the right
    direction will be much appreciated. (You may reply to this forum or
    to my email: [email protected]
    Much thanks!

    When one follows this how-to, one got the following result:
    The same page, say xyz.html, can be accessed in two ways: one is from
    http://localhost:8080/xyz.html, and the other is from https://localhost:8443/xyz.html.
    How can one allow people to be only able to access from https://localhost:8443/xyz.html, to be not able to access from http://localhost:8080/xyz.html? There is one sentence mentioned some where that Servlet 2.4 specification can do this. But Servlet 2.4 specification would not provide any help. Any clue?

  • Performance difference with SSL/HTTPS

    My company has an application deployed on two different servers. When using https, the faster server (more ram, faster CPU, newer version of Solaris) takes between 6 and 12 seconds longer to serve the same JSP. Both instances are hitting the same DB, using the same EJBs, same services, everything is the same. What could be the cause of this?

    Sounds like a configuration problem.
    Does a HelloWorld JSP have the same overhead?
    Is there web server in front of the slow server?
    Is the problem server clustered?
    Is there a hardware load balancer in front of the problem server?
    Is there a DNS misconfig?
    If you tail logs when you hit the server does the request arrive
    immediately?
    Peter
    "jason" <[email protected]> wrote in message
    news:[email protected]..
    >
    I'm sorry. I did not word my previous post correctly.
    When using SSL, the more powerful of the two servers is 6 seconds slower than the
    less powerful of the two servers.
    Srikant Subramaniam <[email protected]> wrote:
    If I read this correctly, there is a difference in performance when using
    https.
    This is expected ... due to the overhead of SSL
    Jason wrote:
    My company has an application deployed on two different servers. When using https, the faster server (more ram, faster CPU, newer version of
    Solaris) takes between 6 and 12 seconds longer to serve the same JSP.
    Both
    instances are hitting the same DB, using the same EJBs, same services,
    everything is the same. What could be the cause of this?

  • BingMaps not showing with SSL certificate

    I have recently added SSL certificate to the server for the website I am developing.
    I changed my applications to use  https from http.
    <script type="text/javascript" src="https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0">
    After changing it from http to https, it is showing a blank page in place of map. The error it says is 
    This page is trying to load scripts from unauthenticated sources
    I had to click on the right top corner shield and allow the browser to run unsafe scripts to get the bingmaps to show up.
    Any ideas on how I can resolve it? I am using ASP.NET, C#, Javascript and jQuery.
    Thanks in advance.
    Nate

    I had to add &s=1 to run the BingMaps in secure mode
    so, we should use following link to run the bing maps with SSL.
    https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0&s=1
    Thanks
    Nate

  • Issue with SSL in web service.

    Hi All,
    We are having synchronous web service to proxy scenario in XI. We are trying to send a binary data using the SOAP web service to SAP via XI. Initially, we were posting large binary data using HTTP connection via XI from the SOAP client. The scenario was working without any issues.
    Since the data is sensitive, we changed the web service from HTTP to HTTPS. The interface works without issues when we test it using the SOAP client for testing. When the data is sent using the Dot Net application (the end application) using the same webservice, URL (HTTPS connection) the message errors out. The connection is broken and the message fails. In this scenario, XI does not even receive the message which I can make out looking into the SOAP adapter communication channel.
    The interesting fact here is the same  Dot Net application is able to connect and send smaller binary data using HTTPS connection.
    Could you please let us know if this could be the issue with HTTPS connection on XI side? I doubt it to be an issue on XI side because the adapter does not even receive any message when the scenario fails. But we used some HTTPS monitoring tools and found that the Dot Net Application receives some encrypted response from the server which the application is not able to decrypt and the handshake breaks.
    Could you please throw some inputs into this issue.
    Thanks,
    Manohar.

    Hi Manohar
    You have posted the same question with two different subject text
    Anyway, follow these SAP notes and your problem will be sorted out
    Note 856597 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 SOAP Adapter
    https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856597&_NLANG=E
    Note 856599 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 Mail Adapter
    https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856599&_NLANG=E
    Note 870845 - XI 3.0 SOAP adapter SSL client certificate problem
    https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=916664&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
    https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=870845&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
    check the OSS Note 554174 & see if it helps
    Note 645357 - SAPHTTP: SSL error
    https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=645357&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
    https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1150980&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
    one alternative may be Restart ICM (Internet Communication Manager) .This will solve your HTTP issue
    Cheers!!!!
    Regards
    sandeep
    if helpful kindly reward points

  • Issue with one of the Managed servers while enabling SSL. Issue Resolved

    Weblogic version:wls 8.1sp6
    SSL: internal
    Environment:
    1 AdminServer and 2 Managed servers. Admin and M1 are on same host. M2 is on different host. We have enabled SSL on M1 & M2 only. Configuration of M1 & M2 are identical. After restarting the servers M1 has no issue with SSL but M2 throws javax.net.ssl.SSLKeyException as shown below,
    <Aug 4, 2008 12:29:01 PM BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    <Aug 4, 2008 12:29:02 PM BST> <Info> <WebLogicServer> <BEA-000213> <Adding address: 10.96.201.249 to licensed client list>
    <Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090171> <Loading the identity certificate stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
    <Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090170> <Loading the private key stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
    <Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
    <Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
    <Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
    <Aug 4, 2008 12:29:09 PM BST> <Error> <Cluster> <BEA-000141> <TCP/IP socket failure occurred while fetching statedump over HTTP from -6401422690190304510S:lonlxwebhost99:[16544,16544,16042,16042,16544,16042,-1,0,0]:etg:lonwpyq_16543_1.
    javax.net.ssl.SSLKeyException: [Security:090773]The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
    at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
    at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
    at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
    at weblogic.cluster.HTTPExecuteRequest.connect(HTTPExecuteRequest.java:73)
    at weblogic.cluster.HTTPExecuteRequest.execute(HTTPExecuteRequest.java:121)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)>
    Please let me know where I am going wrong. Thnx in advance
    Message was edited by:
    Shashi_sr

    Solution given by BEA Engineer:
    <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
    The reason for this was
    The CA Certificate was missing a required bit (according to RFC 3280).
    keyEncipherment bit is not in the KeyUsage and KeyUsage is marked as critical.
    As per RFC:
    The keyEncipherment bit is asserted when the subject public key is
    used for key transport. For example, when an RSA key is to be
    used for key management, then this bit is set.
    According to RFC3280, when the key will be used to encrypt other keys that are sent over the wire ("key transport") the keyEncipherment bit of the KeyUsage extension must be set. If the KeyUsage extension is critical, the SSL certificate validation will check that the key can be used in the key agreement. That is, that the key can be used to encrypt the symmetric public key.
    Your KeyUsage only contains the following bits:
    [4]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
    Since it is marked Critical, it MUST have the keyEncipherment bit.
    Otherwise, it should not be marked as Critical.
    So the three solutions that should work are
    1) Remove keyUsage
    2) Don't mark keyUsage as critical
    3) If keyUsage is critical, make sure keyEncipherment bit is set.
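The rule described in the answer above, as an added example that is not part of the original thread or of BEA's code: it decodes a DER-encoded KeyUsage extension and applies the three outcomes the post lists. The function names and the three sample extensions are constructed for illustration; the first sample carries the same bits the post shows (DigitalSignature, Key_CertSign, Crl_Sign, critical).

```python
"""Decode an X.509 KeyUsage extension and apply the rule from the post:
a critical KeyUsage without keyEncipherment blocks RSA key transport."""

KEY_USAGE_OID = bytes.fromhex("551d0f")  # 2.5.29.15, the ObjectId shown in the post
BIT_NAMES = [  # bit positions 0..8 from RFC 3280 section 4.2.1.3
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]


def read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:end], end


def parse_key_usage(ext_der):
    """Parse one DER Extension; return (critical, set of usage names)."""
    tag, body, _ = read_tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("Extension must be a SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or oid != KEY_USAGE_OID:
        raise ValueError("not a KeyUsage extension")
    tag, value, pos = read_tlv(body, pos)
    critical = False  # DER omits the BOOLEAN when it is FALSE
    if tag == 0x01:
        critical = value != b"\x00"
        tag, value, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("extnValue must be an OCTET STRING")
    tag, bits, _ = read_tlv(value, 0)
    if tag != 0x03 or not bits:
        raise ValueError("KeyUsage must be a BIT STRING")
    unused, data = bits[0], bits[1:]
    nbits = len(data) * 8 - unused
    # Bit 0 is the most significant bit of the first content byte.
    usages = {
        BIT_NAMES[i]
        for i in range(min(nbits, len(BIT_NAMES)))
        if data[i // 8] & (0x80 >> (i % 8))
    }
    return critical, usages


def key_transport_verdict(ext_der):
    """Apply the post's rule; ext_der is None when the extension is absent."""
    if ext_der is None:
        return True, "no KeyUsage extension (solution 1)"
    critical, usages = parse_key_usage(ext_der)
    if not critical:
        return True, "KeyUsage is not critical (solution 2)"
    if "keyEncipherment" in usages:
        return True, "critical KeyUsage includes keyEncipherment (solution 3)"
    return False, ("critical KeyUsage lacks keyEncipherment: "
                   + ", ".join(sorted(usages)))


# Constructed sample extensions, built by hand for this example.
# critical; digitalSignature, keyCertSign, cRLSign (the case in the post)
FAILING = bytes.fromhex("300e0603551d0f0101ff040403020186")
# same bits, criticality flag omitted (DER default FALSE)
NON_CRITICAL = bytes.fromhex("300b0603551d0f040403020186")
# critical, with keyEncipherment added
WITH_KEY_ENC = bytes.fromhex("300e0603551d0f0101ff0404030201a6")

if __name__ == "__main__":
    samples = [("as in the post", FAILING), ("non-critical", NON_CRITICAL),
               ("with keyEncipherment", WITH_KEY_ENC), ("absent", None)]
    for name, ext in samples:
        ok, reason = key_transport_verdict(ext)
        print(f"{name:22} {'OK' if ok else 'REJECT'}  {reason}")
```

The verdict follows the behaviour the post attributes to the WebLogic SSL validation (the check applies only when KeyUsage is critical); other TLS stacks may enforce KeyUsage differently.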

  • Request management service issue with SSL Sites

    Hi guys,
    I've configured the request management service, but after starting the service on our WFE servers (even before configuring specific web applications), our SSL sites begin to fail and the event viewer starts to report several errors. On the other hand, sites on port 80 with no SSL work as expected.
    I've found some similar scenarios without a happy ending. Below you can find some of the main errors in the event viewer and ULS logs. In this post, a very similar issue was solved using SSL host headers with a unique IP, but we are using FQDN certificates so it is not an option for us.
    I've already checked the good posts from Spencer Harbar and he says that it is a good idea to use host named site collections, but this is not an option for me because we need to use Self Service Creation and mixed authentication; besides, none of the TechNet literature that I've reviewed says anything about not supporting path based site collections.
    So far, the only way to avoid these errors is not using the service (discouraging finding). These are some errors we got in the Event Viewer and logs:
    Machine 'MACHINENAME (AppPool(_LM_W3SVC_515444293_ROOT))' failed ping validation and has been unavailable since '3/28/2014 3:55:48 PM'.  (Just starting the service, the Event Viewer begins to have a bunch of these errors)
    03/28/2014 13:34:01.96 w3wp.exe (0x1184) 0x154C SharePoint Foundation Request Management ai2q3 High Reached maximum number of failed machines based on ping results for this routing group 53c2819c-8216-20f3-68c0-c0a3e55c92d5
    03/28/2014 13:34:01.96 w3wp.exe (0x1184) 0x154C SharePoint Foundation Request Management ai2q4 Medium Unavailable machines based on ping results: MACHINENAME 53c2819c-8216-20f3-68c0-c0a3e55c92d5
    03/28/2014 13:34:01.97 w3wp.exe (0x1184) 0x1C2C SharePoint Foundation Request Management adc7u Medium Mapping URI from 'https://HOSTNAME:443/Style Library/somos-sura-css/inicio/inicio.css' to 'https://MACHINENAME/Style%20Library/somos-sura-css/inicio/inicio.css' 53c2819c-8217-20f3-68c0-cb2f392c388b
    Seems like it tries to find a site with the machine name, not the host name registered in the Alter access mappings (like portal.acme.com) .
    I would appreciate some feedback about this. Another posts with similar issues:
    http://amolmeshe.blogspot.com/2013/05/sharepoint-2013-request-management.html 
    http://www.akspug.org/Blog/Post/4/Request-Management-and-Error-8316 
    Regards,

    Hi,
    According to your post, my understanding is that you had an issue about the Request management service with SSL sites.
    It’s a known issue that the request management service could not work with the SSL site.
    We had already reported the issue to the product team, as a workaround, if you want to use the request management service, you can change the https site back to http.
    What’s more, the SharePoint 2013 SP1 has been released, you can install it to check whether it works.
    http://support.microsoft.com/kb/2817429/en-us
    Thanks & Regards,
    Jason
    Jason Guo
    TechNet Community Support

  • CSM HTTP Redirect with SSL

    Problem we are having:
    A client opens an HTTPS connection to a CSM with SSL offload to SSL module. The decrypted clear HTTP request hits the IIS server and is redirected (301).
    The client gets an HTTP redirect and not an HTTPS redirect.
    The reason for the 301 redirect is the IIS server does not have a physical resource but rather a virtual directory so it issues a 301 and adds a /. eg https://www.cisco.com/tech is redirected to https://www.cisco.com/tech/ in a working situation.

    look for the urlrewrite command in order to change HTTP into HTTPS.
    Regards,
    Gilles.

  • IE unable to connect to Oracle HTTP Server v10.1.2 with SSL

    Hi,
    I configured OHS with SSL to run APEX applications.
    This configuration can be run from Mozilla browsers and Opera, but not from Internet Explorer.
    I suspect that IE doesn't support 256-bit encryption, as both browser above support it. So I set several combination of SSL Cipher Suite in ssl.conf. I also set IE to use TLS v1, SSLv2, and SSLv3. But this doesn't show any results. I also found that several sites which has 256 bit encryption (read the information from Mozilla and Opera browser) can also be opened by IE (read as 128 bit encryption). So I guess the encryption is not the problem, and I move on to the Apache error_log files.
    What I found from Apache's error_log.xxxx is
    [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29014 (server ---.---.com:4443, client --.--.--.--)
    [error] mod_ossl: Unknown error
    [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 (server ---.---.com:4443, client --.--.--.--)
    [error] mod_ossl: SSL IO error [Hint: the client stop the connection unexpectedly]
    So I looked in the Metalink and found Note:312041.1 and applied patch 4960210 and restart the server. But now it wouldn't start at all, despite that all configuration files were not changed.
    Any help would be greatly appreciated.
    Regards,
    Aulia Bismar

    You can use any PKCS#12 file with OHS if it includes the complete private key and certificate chain. With Oracle Wallet Manager (owm) you could also create a private key, import it, import the CA certificate as trusted certificate, create a certificate request for the private key, get the certificate response from the CA and import this.
    If you use an unusual CA, ie cacert.org, you must import the CA root certificate as a trusted server certificate for IE.
    --olaf
