Only SSL in web AS 6.40

Similar Messages

• Procedure for Certificates if implementing Terminating SSL at web server

  Hello Gurus,
  We have implemented "Terminating SSL at Web Server" and have generated Certificates for the Server which hosts OHS. My doubt is
  Do we need to generate Certificates for all the server that has EPM components or if it is correct if we generate Certificate only for OHS server.
  Also if we also want to implement SSL for Essbase and making use of Wildcard Certs, can we add the ailas name for Essbase server to the SAN and use the same wallet on the server hosting Essbase server?
  Thanks.

  I meant @Policy(uri = "policy:Wssp1.2-2007-Https.xml") Also I read this article which is talking about the policy file http://chrismuir.sys-con.com/node/1075471/mobile
  Couple of questions:
  1. As I said in my last thread, since Verisign certificate is installed in the web server, I can view the certificate details in the browser for any https requests to that server instead of just for this webservice request. How to block/filter other requests from using the certificate when involed using https?
  2. When do we need policy files?
  Edited by: user8115570 on Feb 6, 2012 2:55 PM

• Require Only SSL/TLS Connections

  I would like to require that only SSL/TLS connections be allowed to my server. This is not to be confused with wanting SSL client authentication. I had initially thought I could do this with ACI using the authmethod="ssl", however after looking at the documentation closely and experimentation this refers to do client based SSL authentication as well. I do have SSL/TLS set up correctly, I just want to disallow non-encrypted traffic.
  In OpenLDAP I would merely state "security ssf=128" to require SSL/TLS only connections.
  Anyone know how to do this in Sun's Directory Server?

  The reason I don't use a firewall (presumedly to block port 389) or set the non-secure port to 0 is that this would disallow TLS on port 389. Hence all I could do is SSL and only 636. I would like to be able to allow only TLS on 389 and not allow non-TLS traffic.

• Unable to view local HTML content from "Help Content Only" SSL  iFrame

  Hi
  Can anyone confirm whether it is possible to view local HTML files within an iFrame when generating Help Content Only SSL content which is also locally deployed?
  I have had no problem viewing local html files from within an iFrame with a locally viewed Browser-Based Help project but despite trying a number of variations on the syntax, I simply cannot obtain the same result from a Help Content Only SSL that is then incorporated within a merged help system. I can however create hyperlinks to view local content using the following syntax (file:/C:\folderName\fileName.html - the only drawback for local preview is that you must right-click and select "open in new tab"). Essentially, I am trying to eliminate the requirement to have to right-click and open in new tab to view local html files.
  The project I am working on is deployed both locally and remotely and this whole process is necessary for emergency management and business continuity purposes.
  I hope my explanation isn't too convoluted and would be glad to clarify it further if required. I would appreciate any assistance!

  Hi John
  I appreciate you and Peter obtaining this  information from Adobe and I appreciate your continuing patience in  trying to understand what I am doing.
  I will start  from the beginning and hopefully clarify my process when deploying my  application locally (my remote process differs somewhat but is not  germane to this discussion). Obviously this will contain some repetition from previous posts but I hope it helps...
  The project itself integrates content created from Adobe RoboHelp with content created within Adobe Dreamweaver
  First, I should mention that I am using RoboHelp 8 as I don't believe I have addressed which version I am using. There's nothing particularly unusual about the project itself.
  Utilizing Dreamweaver I have created a self-contained HTML-only (no server-side functionality) website which is placed at the root level of the C: drive
  Within the RoboHelp project I create a hyperlink to access the local HTML files from the RoboHelp topic pages. The process I use to do so is from within the HTML view of the specific topic page and I use the following file path: "file:/C:\folderName\fileName.html". The only end-user requirement is that they must right-click and select "open in new tab", otherwise the link does not work. Please note, this is ONLY required for accessing the local HTML files.
  I output my RoboHelp project using the Adobe Air SSL, with the output type set to "Help Only Content" which creates the .rha files. I utilize multiple .rha files within my project as each .rha file constitutes a module specific to an individual municipality (in my particular instance)
  I use the Help Viewer Wizard from the RoboHelp "Toolbox" pod to create what I refer to as the "shell" .air file. Once the "shell" .air file created from the Help Viewer Wizard is  installed, it creates a shortcut on my desktop.
  I place an XML .helpcfg file within the directory on C:Program Files where my "shell" .air file has been installed to reference each .rha module which must be placed at the root level of the C: drive in order to be properly referenced by the .helpcfg file
  By double-clicking on the desktop shortcut created in Step 6 it opens the "shell" module which, in turn, loads in each individual .rha file which can be accessed individually from the drop-down menu in the top-right corner
  Why do I do it this way?? My organization severely restricts admin privileges on our workstations. We have one IT person / several hundred officers so I needed to create a system where the only time we need IT assistance is in the initial installation of the "shell" .air file created from the Help Viewer Wizard and placement of the .helpcfg file within the C: Programs folder. Once this is done, because the .rha files are on the C: drive, I can swap these out and update as necessary (we currently have an annual renewal cycle) and we require no further IT intervention. The local system I have just described has hyperlinks to the online browser-based help so that users can also access it and see any content updates made throughout the course of the school year
  Having said all that, based on the model I have just described, I have been trying to create iFrames from within my RoboHelp 8 topic pages (placed on my C: drive) to access the local HTML Dreamweaver site (also on my C: drive). The problem I have been having is that the resultant iFrames display only a blank white page and I have tried a number of variations on the syntax of the file path without success.
  The process I have been using to create the iFrame is as follows:
  In Design view, select Insert >> HTML >> iFrame
  In the iFrame dialog box, provide a name for the iFrame and then navigate to the local file on my C: drive level Dreamweaver HTML-only website that I want to link to.
  Click "Apply" and from the resulting dialog box states that "This action will create an external link to the help system... Do you want to continue?", I click "Yes"
  The resultant file path is "../../../../../folderName/fileName.html" which obviously won't work but I have created the iFrame and now I switch over to HTML view and insert the file path that I have been using for the hyperlinks ("file:/C:\folderName\fileName.html"). I also modify the width to 100% and the height to 1000 px
  The user is not being directed to a different domain. So, if as Adobe states, that iFrames are "supported in local AIR Help (.rha) as well" then I don't know why it will not work for me. Again, this is the file path that allows me to create a hyperlink which will access my local Dreamweaver HTML files: "file:/C:\folderName\fileName.html" so if that syntax works for a hyperlink, why will it not work for the iFrame?
  The videos I referenced are also contained within the local Dreamweaver HTML site
  My usage of the term "merged help" may have been unclear and hopefully steps 1-8 outline what I am doing
  Again, I am very grateful to all who have joined this discussion to try to help me! I think it should be manifestly evident by now that I am self-taught and basically that's the only excuse I can offer in my defense for my poor articulation. Not too many years ago I wanted nothing whatsoever to do with computers!

• Safari 4.0 is slower to show only the first web site

  Safari 4.0 is slower to show only the first web site. Once Safari is open, the first site may take 4 to 5 seconds to show, and Console indicates:
  11/06/09 17:15:09 [0x0-0x99099].com.apple.Safari[1029] Debugger() was called!
  Subsequent sites load in just one second or so (and Console does not show any messsage).
  If I quit Safari and open it again, the same issue arises: it takes longer to show the very first site (whatever it is) but not the subsequent ones (for which it is quicker), and Console shows a similar string on such very first site (but not the subsequent ones). Other examples of such string:
  11/06/09 17:15:58 [0x0-0x9b09b].com.apple.Safari[1033] Debugger() was called!
  11/06/09 17:15:58 [0x0-0x9b09b].com.apple.Safari[1033] Debugger() was called!
  11/06/09 17:17:06 [0x0-0x9c09c].com.apple.Safari[1036] Debugger() was called!
  How to prevent such Console message and make Safari also quick to show the very first page or site after opening Safari?
  Thanks.

  Not to get your hopes up, did you ever hear or figure out any resolution to this. I have a (slightly) similar issue passed along from one of my bosses, that when he upgraded to 4.0.2 it started causing issues with FTP logins through Safari. He would have to enter passwords multiple times on the same site. So initial entry worked and then every subsequent event needed a password entry. Just curious if this could be part of your problem. I tried to emulate the problem on my machines and only on the one I have the 4.0.2 update does it happen.

• Can only access one web site

  I can only access one web site . www.cisco.com. I am connected to the internet via a lynksys DSL Router, I am using dhcp and NAT from the Lynksys note:works fine for 3 other windows based pc's.
  when I try to connect to any other site the page Hangs during load and neve displays.
  I can ping all of the web sites that do not come up
  I am using a SunBlade 100 and did a new install. I tried the install with webstart and had the same result during the install. again I can only open sucessfully www.cisco.com.

  Hello!
  I am getting this error, but the above fix does not solve the issue, however I do know what has caused it.
  I have an edmx file in a WCF webservice which feeds a silverlight app.  The edmx is quite complex and a bit fragile, but was working fine up until I introduced our Industry Codes view into the model.  The view is basically { ID, ParentID, Name, ... }.  In my model I have created an association to itself which describes Children(*)/Parent(0/1) so I have a nice and tidy hierarchical structure.  The edmx and the service build without any errors - hurrah!  However, when I update the service reference I then get the below error (and a whole load of others as none of the webservice objects exist anymore):
  Error 21 Custom tool error: Failed to generate code for the service reference 'WCF_ContactAdmin'.  Please check other error and warning messages for details. X:\2008-054 ContactAdmin_Silverlight\Contact2_Admin_Silverlight\Service References\WCF_ContactAdmin\Reference.svcmap 1 1 Contact2_Admin_Silverlight
  When I try the fix mentioned in the link above this error disappears, but then so do all the objects in the datamodel, so I cannot continue from there.
  Having the hierarchical data objects defined in the EDM will make like so much easier in future, any help will be greatly appreciated, thank you!!
  Tim
  Web Developer at Terrapinn

• How to grant anonymous access on sharepoint document library/list only not for web application

  Hello
  How to grant anonymous access on sharepoint document library/list only not for web application.I have claim based sharepoint site and has to be but i want to grant access on document library/list only.Is this possible?
  Thanks
  Rajesh Kumar "Changing the Face" can change nothing.But "Facing the Change" can change everything.

  As i am using following code
  SPSite site = SPContext.Current.Site;
              SPWeb web = SPContext.Current.Web;
              SPSecurity.RunWithElevatedPrivileges(delegate()
                  using (SPSite ospSite = new SPSite(site.ID))
                      using (SPWeb webs = ospSite.OpenWeb(web.ID))
                          // Enable anonymous access on web application
                          webs.AllowUnsafeUpdates = true;
                          SPUrlZone urlZone = SPUrlZone.Default;
                          SPWebApplication specifiedWebApplication = ospSite.WebApplication;
                          SPIisSettings iisSettings = specifiedWebApplication.IisSettings[urlZone];
                          //iisSettings.AuthenticationMode = AuthenticationMode.Windows;
                          iisSettings.AllowAnonymous = true;                       
                          specifiedWebApplication.Update();
                          // Get document library collection here and fetch all the document urls
                          SPDocumentLibrary docLib = (SPDocumentLibrary)web.Lists["Documents"];
                          if (docLib != null)
                              docLib.BreakRoleInheritance(true, false);
                              docLib.AllowEveryoneViewItems = true;
                              docLib.AnonymousPermMask64 = SPBasePermissions.ViewPages | SPBasePermissions.OpenItems | SPBasePermissions.ViewVersions
                                  | SPBasePermissions.Open | SPBasePermissions.UseClientIntegration | SPBasePermissions.ViewFormPages | SPBasePermissions.ViewListItems;
                              //docLib.AnonymousPermMask64 = SPBasePermissions.EmptyMask;
                              docLib.Update();
  Should working but getting access denied......i am totally stuck at this point.
  Rajesh Kumar "Changing the Face" can change nothing.But "Facing the Change" can change everything.

• RV320 SSL VPN web service unable to connect port 56000 56001...

  I have recently installed a RV320 dual WAN small business router in order to use the SSL VPN functionality to allow secure access to our intranet pages which are hosted on a server inside our network. I have the latest firmware installed on the router.
  With the firewall feature of the RV320 disabled - After logging in to the router remotely via the HTTPS interface, I am able to use the web-based services such as SSH and NetworkPls. However, when using the HTTP and HTTPS services I receive a web browser unable to connect error on port 56000, 1, 2, 3 ... This is regardless of whether I enter a URL or IP address on the network behind the router or on the internet.
  Enabling the firewall feature of the RV320 gives a different result - when any IP or URL is entered into the box in the second image below, the router log-in page is loaded instead of the required site. I have pasted an extract from the log at the bottom of this post although it doesn't seem to contain any relevant information. As a separate issue, you will also notice that users connecting to the router brings up [HACK] SynFlooding Attack in error.
  Can anyone explain why this is happening? Alternatively, does anyone have a guide for setting up a IPSec VPN with this router? There seems to be very little literature available for this model.
  Thanks in advance for your help.
  Log extract
  2013-11-02, 11:36:19
  Connection Accepted
  IN=eth1 OUT=eth0 SRC=178.239.83.183 DST=192.168.10.100  DMAC=e0:2f:6d:75:35:7d SMAC=d4:ca:6d:98:3e:55 LEN=60 TOS=0x00 PREC=0x00  TTL=54 ID=57573 DF PROTO=TCP SPT=54925 DPT=993 WINDOW=5840 RES=0x00 SYN  URGP=0
  2013-11-02, 11:36:19
  [HACK] SynFlooding Attack
  IN=eth1 OUT=eth0 SRC=178.239.83.183 DST=192.168.10.100  DMAC=e0:2f:6d:75:35:7d SMAC=d4:ca:6d:98:3e:55 LEN=60 TOS=0x00 PREC=0x00  TTL=54 ID=57573 DF PROTO=TCP SPT=54925 DPT=993 WINDOW=5840 RES=0x00 SYN  URGP=0
  2013-11-02, 11:31:53
  Connection Accepted
  IN=eth1 OUT=eth0 SRC=178.239.83.156 DST=192.168.10.100  DMAC=e0:2f:6d:75:35:7d SMAC=d4:ca:6d:98:3e:55 LEN=60 TOS=0x00 PREC=0x00  TTL=53 ID=50721 DF PROTO=TCP SPT=55634 DPT=993 WINDOW=5840 RES=0x00 SYN  URGP=0
  2013-11-02, 11:31:53
  [HACK] SynFlooding Attack
  IN=eth1 OUT=eth0 SRC=178.239.83.156 DST=192.168.10.100  DMAC=e0:2f:6d:75:35:7d SMAC=d4:ca:6d:98:3e:55 LEN=60 TOS=0x00 PREC=0x00  TTL=53 ID=50721 DF PROTO=TCP SPT=55634 DPT=993 WINDOW=5840 RES=0x00 SYN  URGP=0
  2013-11-02, 11:31:38
  User Log
  User cisco login success from 221.142.25.181
  2013-11-02, 11:31:38
  User Log
  User cisco login success from 221.142.25.181
  2013-11-02, 11:29:49
  Kernel
  kernel: upnp idx=83, ip=192.168.10.220, eport=59725, iport=59725
  2013-11-02, 11:29:49
  Kernel
  kernel: wrong ip[0],not_list[0]
  2013-11-02, 11:29:43
  Connection Accepted
  IN=eth1 OUT=eth0 SRC=176.251.102.32 DST=192.168.10.100  DMAC=e0:2f:6d:75:35:7d SMAC=d4:ca:6d:98:3e:55 LEN=64 TOS=0x00 PREC=0x00  TTL=52 ID=44670 DF PROTO=TCP SPT=49423 DPT=143 WINDOW=65535 RES=0x00 SYN  URGP=0
  2013-11-02, 11:29:43
  [HACK] SynFlooding Attack
  IN=eth1 OUT=eth0 SRC=176.251.102.32 DST=192.168.10.100  DMAC=e0:2f:6d:75:35:7d SMAC=d4:ca:6d:98:3e:55 LEN=64 TOS=0x00 PREC=0x00  TTL=52 ID=44670 DF PROTO=TCP SPT=49423 DPT=143 WINDOW=65535 RES=0x00 SYN  URGP=0
  2013-11-02, 11:29:12
  Kernel
  kernel: upnp idx=83, ip=192.168.10.220, eport=59725, iport=59725
  2013-11-02, 11:29:12
  Kernel
  kernel: wrong ip[0],not_list[0]
  2013-11-02, 11:29:12
  SSL Log
  User ben login success from 221.142.25.181

  After lots of trial and error, I was able to eliminate this problem.  What I wound up doing is defining the XE service again in the listener.ora file:
  SID_LIST_LISTENER =
    (SID_LIST =
      (SID_DESC =
        (SID_NAME = XE)
        (ORACLE_HOME = C:\ProgramData\oraclexe\app\oracle\product\11.2.0\server)
  I know that typically you should not have to do this, especially since I already had defined DEFAULT_SERIVCE_LISTENER = (XE) at the bottom of the listener.ora file.  Explicitly defining the XE service in the listener.ora file allows the listener to find it while the system is running under the Cisco AnyConnect VPN.  The only hiccup I found by doing this is that the XE service is discovered twice by the listener when the system is NOT running under the Cisco AnyConnect VPN.  It still works OK.  The listener just seems to ignore the repeated definition of the XE service (see output below):
  C:\ProgramData\oraclexe\app\oracle\product\11.2.0\server\bin>lsnrctl service
  LSNRCTL for 32-bit Windows: Version 11.2.0.2.0 - Production on 13-JUN-2013 10:03:15
  .......(omitted output).......
  Service "XE" has 2 instance(s).
    Instance "XE", status UNKNOWN, has 1 handler(s) for this service...
      Handler(s):
        "DEDICATED" established:0 refused:0
           LOCAL SERVER
    Instance "xe", status READY, has 1 handler(s) for this service...
      Handler(s):
        "DEDICATED" established:0 refused:0 state:ready
           LOCAL SERVER
  Service "XEXDB" has 1 instance(s).
    Instance "xe", status READY, has 1 handler(s) for this service...
      Handler(s):
        "D000" established:0 refused:0 current:0 max:1022 state:ready
           DISPATCHER <machine: DEV-M-137GF, pid: 5544>
  (ADDRESS=(PROTOCOL=tcp)(HOST=DEV-M-137GF.paychex.com)(PORT=58257))
  The command completed successfully
  If anyone has a cleaner solution for this problem, please let me know.  Otherwise, I am moving forward with what I did.
  Thanks.....Paul

• ACE - Balance HTTP and sticky only SSL/TLS

  Hi there,
  I have a situation that I am trying to solve. We have lot of services trough ACE, but now I have to modify one of them, PROXY servers. 
  I have six (6) servers working with Sticky, but with a MASK 255.255.255.0, which produce an unbalanced situation some times, and that affect some servers on depending of how many users connected to that server. We have between 40K and 50K conns in that serverfarm, but in Sticky terms we have arround 700 /24 subnets.
  I want to modify the configuration, specificaly the MASK to 255.255.255.255, which is going to increase a lot Sticky resources. But thinking in optimize Sticky resources, I want to know if there is a way to select only e-commerce, Home Banking or other kind of SSL/TSL traffic (always using port 80 trough proxy servers), so I could use Sticky only  for connections that need it, and leave other HTTP traffic without this feature.
  I´m sorry, may be I'm doing a silly question, but don´t have the experience to make this configuration, and I will apreciate your help.
  Here is the actual configuration:
  probe tcp HTTP
    description Keepalive web servers
    interval 20
    passdetect interval 30
  rserver host Server1
    ip address 10.1.1.1
    inservice
  rserver host Server2
    ip address 10.1.1.2
    inservice
  rserver host Server3
    ip address 10.1.1.3
    inservice
  rserver host Server4
    ip address 10.1.1.4
    inservice
  rserver host Server5
    ip address 10.1.1.5
    inservice
  rserver host Server6
    ip address 10.1.1.6
    inservice
  serverfarm host PRX
    failaction purge
    predictor leastconns
    probe HTTP
    rserver Server1
      inservice
    rserver Server2
       inservice
    rserver Server3
      inservice
    rserver Server4
      inservice
    rserver Server5
      inservice
    rserver Server6
      inservice
  sticky ip-netmask 255.255.255.0 address source sticky-PRX
    timeout 60
    serverfarm PRX
  class-map match-any VIP-PRX
    2 match virtual-address 10.10.10.101 tcp eq www
  policy-map type loadbalance first-match POLICY-L7-PRX
    class class-default
      sticky-serverfarm sticky-PRX
  policy-map multi-match PRX-Balance
    class VIP-PRX
      loadbalance vip inservice
      loadbalance policy POLICY-L7-PRX
      loadbalance vip icmp-reply
  interface vlan 100
    ip address 10.10.10.11 255.255.255.0
    alias 10.10.10.10 255.255.255.0
    peer ip address 10.10.10.12 255.255.255.0
    no normalization
    access-group output SOLO-SLB
    service-policy input PRX-Balance
  Thanks
  Alexis

  You might want to check out this new product called ITD.
  Simple and faster solution:
  ITD provides :
  ASIC based multi-terabit/s L3/L4 load-balancing at line-rate
  No service module or external L3/L4 load-balancer needed. Every N7k port can be used as load-balancer.
  Redirect line-rate traffic to any devices, for example web cache engines, Web Accelerator Engines (WAE), video-caches, etc.
  Capability to create clusters of devices, for example, Firewalls, Intrusion Prevention System (IPS), or Web Application Firewall (WAF), Hadoop cluster
  IP-stickiness
  Resilient (like resilient ECMP)
  VIP based L4 load-balancing
  NAT (available for EFT/PoC). Allows non-DSR deployments.
  Weighted load-balancing
  Load-balances to large number of devices/servers
  ACL along with redirection and load balancing simultaneously.
  Bi-directional flow-coherency. Traffic from A-->B and B-->A goes to same node.
  Order of magnitude OPEX savings : reduction in configuration, and ease of deployment
  Order of magnitude CAPEX savings : Wiring, Power, Rackspace and Cost savings
  The servers/appliances don’t have to be directly connected to N7k
  Monitoring the health of servers/appliances.
  N + M redundancy.
  Automatic failure handling of servers/appliances.
  VRF support, vPC support, VDC support
  Supported on both Nexus 7000 and Nexus 7700 series.
  Supports both IPv4 and IPv6
  N5k / N6k support : coming soon
  Blog
  At a glance
  ITD config guide
  Email Query or feedback:[email protected]

• Ssl and web app server: there's content which is not secure

  Hello,
  We have  implemented ssl in our intranet site ( web front server, Web app server, sql server - everything ) .
  Yet, In Https (and I.E) and document library , when I press the "..." , I get an warning: "only secure content is displayed" and the file preview doesn't show anything. If I select "show all content", the file preview shows
  the file.
  If I press "View in browser", I get the same message. If I press "show all content" I see the file, otherwise the file doesn't show.
  Looking at the fiddler, it looks like some connections with the (sharepoint)  application server aren't secured.
  Sample unsecured http gets are:
  http://ApplicationServer.mysite.gr/wv/ResReader.ashx?n=p1.img&WOPIsrc=http%3A%2F%Intranet%2Fsites%2FDNY%2F_vti_bin%2Fwopi.ashx%2Ffiles%2F42da77c08cd94b67a1c413ae39a71c58&access_token=eyJ0eBIgBigToken
  http://ApplicationServer.mysite.com/wv/ResReader.ashx?n=p1.img&v=00000000-0000-0000-0000-000000000602&usid=5fae4f7f-d4d6-4a21-a465-2fe24ded9519&WOPIsrc=http%3A%2F%2FIntranetSite%2Fsites%2FDNY%2F_vti_bin%2Fwopi.ashx%2Ffiles%2F42da77c08cd94b67a1c413ae39a71c58&access_token=BIgBigToken
  - this one is an image of the file.
  Having these unsecure gets, I have problems accepting that the site is totally secured.
  is the (sharepoint) application server the source of the problem?
  Thank you
  Christos

  Hi,
  According to your post, my understanding is that you wanted to show all content after you implemented ssl in intranet site.
  Please make sure you configure SSL correctly. You can refer to:
  Configure SSL for SharePoint 2013
  IE does provide an option which can be configured to automatically display all content, both secure and non-secure content, on web pages that come with mixed content.
  You can display all mixed contents in IE to suppress and disable any warning message on secure and/or non-secure content.
  More information:
  How to Disable Only Secure Content is Displayed in IE (Always Show All Mixed Content)
  Stop the "page contains secure and nonsecure items" warning
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Can't access SSL-secured web content from Remote Desktop Server

  I am running RDS on Windows Server 2008R2. No Remote App or Gateway Services, just straight up Remote Desktop.
  After making a RDP connection to the server, when trying to access any SSL-secured website, Internet Explorer displays the error "Internet Explorer cannot display the webpage" with a button labeled "Diagnose Connection Problems." It's the same generic
  IE message that appears when DNS lookups fail. This failure to make SSL connections also manifests itself with Exchange autodiscover not working.
  Strangely enough, Administrator is able to make SSL connections just fine, just not any other users. The server is otherwise completely functional.

  Hi cyborganic,
  To narrow down this issue, Would you like to confirm the following questions:
  1.      
  Does this issue exist when accessing all secured web sites or just some of them? Please try to access
  https://www.microsoft.com.
  Does it work?
  2.      
  Does this issue exist when a user logs on to the console of the problematic server and then access a secure web site? In this way, we can isolate whether the problem is related
  to RDS.
  3.      
  You mentioned that administrator can access properly. As a test, can a problematic user be able to access the SSL site properly if you add him/her to the Administrators group
  temporarily?
  Meanwhile, Please help to make sure the “Cryptographic services” is set to Automatic Start.
  Here, There are some suggestions for
  General troubleshooting
  Suggestion #1:
  =====================================================================
  Run the Network Diagnostics tool in Internet Explorer
  To do this, follow these steps:
  1.    
  Start Internet Explorer, and then try to access the Web page that is displaying the error message.
  2.    
  On the page that displays an Internet Explorer error message, click the
  Diagnose Connection Problems link. The Network Diagnostics tool will run. When the tool has finished running, it will report one of the following results:
  o   
  It was unable to find a problem.
  o   
  It has detected a problem. Additionally, the tool will provide guidance about the next steps to take to troubleshoot the problem.
  Note
  Internet Explorer 6 users click Detect Network Settings
  3.    
  Click
  IP Address, and note the IP Address. You may need it for future troubleshooting.
  4.    
  Follow the steps in the Network Diagnostics tool to fix any connection problems.
  5.    
  Start Internet Explorer.
  If you receive the same error message, go to the next method.
  Suggestion #2:
  =====================================================================
  Use the Delete Browsing History feature
  If resetting the modem or the router did not resolve the problem, deleting your browsing history might help. Follow
  these steps to remove your temporary Internet files, history, and form data:
  Internet Explorer 8
  1.    
  Start Internet Explorer.
  2.    
  On the
  Tools menu, click Internet Options.
  3.    
  Under
  Browsing history, click Delete.
  4.    
  Select the check box next to
  Preserve Favorites website data.
  5.    
  Select the check box next to
  Temporary Internet Files.
  6.    
  Select the check box next to
  Cookies.
  7.    
  Select the check box next to
  History.
  8.    
  Select the check box next to
  Form data.
  9.    
  Select the check box next to
  InPrivate Filtering data.
  10. 
  At the bottom of window, click
  Delete.
  11. 
  Close Internet Explorer, start Internet Explorer again, and then try to access the Web page.
  Suggestion #3:
  =====================================================================
  Use the Internet Explorer (No Add-ons) mode
  To do this, click
  Start, point to All Programs, point to
  Accessories, point to System Tools, and then click
  Internet Explorer (No Add-ons).
  Note Internet Explorer (No Add-ons) mode is only available for Internet Explorer 7 and Internet Explorer 8.
  If this resolves the issue, follow these steps to isolate the browser add-on that is causing the issue:
  1.    
  Click
  Tools, and then click Internet Options.
  2.    
  Click the
  Programs tab, and then click Manage add-ons.
  3.    
  Click an add-on in the
  Name list, and then click Disable.
  4.    
  Repeat step 3 until you identify the add-on that is causing the issue.
  If this issue still persists, Pls refer to the following link for
  Advanced troubleshooting
  You receive an error message in Internet Explorer: "Internet Explorer cannot display the webpage”
  http://support.microsoft.com/kb/956196

• Acces to only SSL

  Hi
  I am using weblogic as web server.
  I have both HTTP and SSL port enabled.
  But i want to restrict some servlets and jsps only to SSL port.
  Please help me how to configure them in weblogic 7.0
  bye
  Mourougane

  I posted this on one of my latter posts but it relates here;
  You may be able to also set up restrictions in an ACL table in a database
  (or LDAP, or whatever your realm is) instead of just the web.xml.
  Not sure of how to do this...researching...
  Michael Lee
  "Michael Lee" <[email protected]> wrote in message
  news:[email protected]..
  I'm not positive on this but whenever you want to control access to anyweb
  resource one of the best places to do it is in the web.xml. I know you can
  restrict on certain jsps, dirs, get/post, etc. You set up the item(s) your
  wishing to secure and then the constraint(s) on those item(s).
  Look up web.xml ACL on sun or bea sites to see how to do this.
  Mike Lee
  "Mourougane" <[email protected]> wrote in message
  news:3d6ae71e$[email protected]..
  Hi
  I am using weblogic as web server.
  I have both HTTP and SSL port enabled.
  But i want to restrict some servlets and jsps only to SSL port.
  Please help me how to configure them in weblogic 7.0
  bye
  Mourougane

• Using SSL for Web Service Access

  Hi,
  I'm not sure if this the best forum, but this is technically a J2EE question.
  I'm using JDeveloper and OC4J. I have a java class that I'm publishing as a stateful webservice; however, the only clients will be other java routines. (I generated a WSDL file and then stubs.) This webservice has to run on a Windows 2000 box inside of OC4J. I have this done and can call it from across the network from a Linux box. This all works fine. However, I need to add security preferably by going to SSL. I can't find out how to do this. Does anyone know? Do I manually edit the generated stub files? Any chance there is some sample code somewhere?
  thanks,
  Joe Gamache

  Please look at Appendix A of the "Web Services Developer's Guide" from iAS v9.0.2 covers Oracle SOAP. The section, "Working With Oracle9 iAS SOAP
  Transport Security", covers using SSL.
  Here is a simple example with steps:
  Prerequisites
  1 . Suppose you have configured Apache to use SSL , that is
  -     Apache has a valid server certificate
  -     Apache requires the client certificate
  -     Apache has a bundle of root certificates of CA with wich it can trust client certificates
  -     Apache is in front of OC4J with mod_oc4j (9.0.2) or mod_proxy ( 1.0.2.2)
  For more information on this please refer to Oracle9i Application Server Security Guide
  2. Have a working knowledge of Oracle Wallet Manager
  Steps
  The following steps let you use an https web services client
  1.     First you need a certificate store in order to store the private key , the client X509 certificate and some trusted authorities. This store in our case is a wallet exported by Oracle Wallet Manager.
  2.     In order to generate a correct wallet you need :
  a.     Start the Oracle Wallet Manager ( OWM )
  b.     Create a new empty wallet
  c.     Generate a Certificate Signing Request (CSR )
  d.     Import the X509 certificate that the CA generated from the CSR
  e.     Import the root certificate of the CA that trusts the server certificate you would like to connect to ( that of Apache )
  f.     Export the wallet
  3.     Let's call exported_wallet the wallet that we exported from OWM , and lets put it under c:\temp . Suppose that the wallet password is camarda.
  4.     The JDK you plan to use for your client , in the extension directory ( that is $JDK_HOME/jre/lib/ext ) , must contains the following library
  a.     jcert.jar
  b.     jsse.jar
  c.     jssl-1_1.jar
  5.     Oracle SSL library use JNI in order to implement some low level encryption API , so you need a shared library usually located in $ORACLE_HOME/bin . For NT platform this library is njssl9.dll . Be sure to have this library in your path
  6.     Now given a WDSL , use the Jdeveloper wizard to generate a proxy
  7.     Modify the URL end-point from http to https
  8.     Add to the proxy the following lines of code
  System.setProperty("ssl.SocketFactory.provider","oracle.security.ssl.OracleSSLSocketFactoryImpl");
  System.setProperty("ssl.ServerSocketFactory.provider","oracle.security.ssl.OracleSSLServerSocketFactoryImpl");
  System.setProperty("java.protocol.handler.pkgs","HTTPClient");
  System.setProperty("oracle.wallet.location","C:\\temp\\exported_wallet");
  System.setProperty("oracle.wallet.password","camarda");
  Example
  In red : modified
  In blue : added
  import oracle.soap.transport.http.OracleSOAPHTTPConnection;
  import java.net.URL;
  import org.apache.soap.Constants;
  import org.apache.soap.Fault;
  import org.apache.soap.SOAPException;
  import org.apache.soap.rpc.Call;
  import org.apache.soap.rpc.Parameter;
  import org.apache.soap.rpc.Response;
  import org.w3c.dom.Element;
  import java.util.Vector;
  import java.util.Properties;
  import oracle.xml.parser.v2.*;
  * Generated by the Oracle9i JDeveloper Web Services Stub/Skeleton Generator.
  * Date Created: Mon May 20 14:24:48 CEST 2002
  * WSDL URL: http://26.2.197.119:8888/InterOp/Services.wsdl
  public class AnagInquireServicesEJBStub {
  public String endpoint = "https://26.2.197.119/InterOp/AnagInquireServices";
  private OracleSOAPHTTPConnection m_httpConnection = null;
  public AnagInquireServicesEJBStub() {
  m_httpConnection = new OracleSOAPHTTPConnection();
  public Element ricercaPF(String istat1, String istat2, String codiceFiscale) throws Exception {
  System.setProperty("ssl.SocketFactory.provider","oracle.security.ssl.OracleSSLSocketFactoryImpl");
  System.setProperty("ssl.ServerSocketFactory.provider","oracle.security.ssl.OracleSSLServerSocketFactoryImpl");
  System.setProperty("java.protocol.handler.pkgs","HTTPClient");
  System.setProperty("oracle.wallet.location","C:\\temp\\exported_wallet");
  System.setProperty("oracle.wallet.password","camarda");
  Element returnVal = null;
  URL endpointURL = new URL(endpoint);
  Call call = new Call();
  call.setSOAPTransport(m_httpConnection);
  call.setTargetObjectURI("AnagInquireServices");
  call.setMethodName("ricercaPF");
  call.setEncodingStyleURI(Constants.NS_URI_LITERAL_XML);
  Vector params = new Vector();
  params.addElement(new Parameter("istat1", String.class, istat1, Constants.NS_URI_SOAP_ENC));
  params.addElement(new Parameter("istat2", String.class, istat2, Constants.NS_URI_SOAP_ENC));
  params.addElement(new Parameter("codiceFiscale", String.class, codiceFiscale, Constants.NS_URI_SOAP_ENC));
  call.setParams(params);
  Response response = call.invoke(endpointURL, "");
  if (!response.generatedFault()) {
  Parameter result = response.getReturnValue();
  returnVal = (Element)result.getValue();
  else {
  Fault fault = response.getFault();
  throw new SOAPException(fault.getFaultCode(), fault.getFaultString());
  return returnVal;
  public void setMaintainSession(boolean maintainSession) {
  m_httpConnection.setMaintainSession(maintainSession);
  public boolean getMaintainSession() {
  return m_httpConnection.getMaintainSession();
  public void setTransportProperties(Properties props) {
  m_httpConnection.setProperties(props);
  public Properties getTransportProperties() {
  return m_httpConnection.getProperties();
  public static void main( String args[] ) {
  AnagInquireServicesEJBStub a = new AnagInquireServicesEJBStub();
  try {
  XMLElement e = (XMLElement) a.ricercaPF("102030","102030","CMRGPP69M29D761K");
  e.print(System.out);
  } catch (Exception ex) {
  ex.printStackTrace();
  } finally {

• Issue with SSL in web service.

  Hi All,
  We are having synchronous web service to proxy scenario in XI. We are trying to send a binary data using the SOAP web service to SAP via XI. Initially, we were posting large binary data using HTTP connection via XI from the SOAP client. The scenario was working without any issues.
  Since the data is sensitive changed the web service from HTTP to HTTPS.The interface works without issues when we test it using the SOAP client for testing. When the data is sent using the Dot Net application (the end application) using the same webservice, URL (HTTPS connection) the message errors out. The connection is borken and the message fails. In this scenario, XI does not even receive the message which I can make out looking into the SOAP adapter communication channel.
  The interesting fact here is the same  Dot Net application is able to connect and send smaller binary data using HTTPS connection.
  Could you please let us know if this could be the issue with HTTPS connection on XI side? I doubt it to be an issue on XI side because the adapter does not even receive any message when the scenario fails. But we used some HTTPS monitoring tools and found that the Dot Net Application receives some encrypted response from the server which the application is not able to decrypt and the handshake breaks.
  Could you please throw some inputs into this issue.
  Thanks,
  Manohar.

  Hi Manohar
  You have posted the same question with two different subject text
  anyway follow these SAP notes your problem will be short out
  Note 856597 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 SOAP Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856597&_NLANG=E
  Note 856599 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 Mail Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856599&_NLANG=E
  Note 870845 - XI 3.0 SOAP adapter SSL client certificate problem
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=916664&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=870845&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  check the OSS Note 554174 & see if it helps
  Note 645357 - SAPHTTP: SSL error
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=645357&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1150980&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  one alternative may be Restart ICM (Internet Communication Manager) .This will solve your HTTP issue
  Cheers!!!!
  Regards
  sandeep
  if helpful kindly reward points

• Webcal and webmail where Calendar and Mail use SSL but Web does not

  I have Lion Serer 10.7.3 up and running. I have the same SSL cert in use for calendar, address book, and email, but not for web service. Calendar is running great via iCal.app and on iOS.
  1.  Trying to access the webcal at http://myserver.com/webcal returns a page saying "Calendar service is turned off. You can turn it on by using the Server app on the server." Accessing webcal via https://myserver.com/webcal fails when it redirects for authentication - the resulting page, gives me an apache 404 error that /auth could not be found - the url it is trying to reach is: https://myserver.com/auth?redirect=https://myserver.com/webcal/
  There is a bit of a hack for this that I have discovered - I change the url to eliminate the https on the url, but leave it on the redirect:
  http://myserver.com/auth?redirect=https://myserver.com/webcal/
  I can then authenticate and get into the calendar and it works as expected from there.
  2. Trying to access webmail via https://myserver/webmail fails with a page saying "Mail is turned off..." But it all works fine using the non-ssl connection.
  If I turn off all certs, then it works fine. If I turn on all certs, it works fine. But turning on SSL for my website is not an option - it's a blog that does not need the extra overhead (and my certs are self-signed, making them look nefarious to most web browsers). 
  So, I am looking for suggestions on how to obtain access to webcal where the calendar server (and address book server) are using an ssl certificate but the web service is not.
  Does anyone have suggestions on how to make this work appropriately, where the webcal and webmail are served on SSL protected connections and the Web Service uses an unencrypted, non-SSL connection?

  bump.
  Anyone? It seems this question has been asked a couple of different times and in a couple of different ways (including here: https://discussions.apple.com/message/16100639#16100639).
  Thanks for your help!