Persistent HTTPS/SSL connections
Dear all,
Does anybody know how to make an HTTPS/SSL connection persistent?
We need to make multiple HTTPS requests to a server and we found that most of the time it gets a new SSL session ID and does all the crypto/certificate processing whenever it gets the new session ID.
I have seen (with -Djavax.net.debug=ssl option) that the JSSE tries to resume, but the server sends a new session ID. Do I need to set/force anything from my side?
Thanks in advance for the answer!
Vijay
We have solved the problem!
For those who wish to know what happened
I have done some debugging with the JRE option -Djavax.net.debug=ssl and I could see the JSSE libraries (1.0.2, with JDK 1.3.1) trying to resume the session with the SSL session ID which it got from previous communication; however, the server gave a new session ID back and it had to do all the computations for the secret exchanges from scratch.
Then we found the load balancer transfers each request to different servers, causing the creation of new session IDs. The problem was solved after making our requests "sticky" to the load balancer and the SSL accelerator.
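The effect described in this thread can be reproduced with a small model, added here as an illustration and not taken from the original posts: each backend keeps its own SSL session cache, the client offers the last session ID it received, and the balancer either rotates across backends or pins a client by source IP. All class and function names, addresses and counts are constructed for the example, and session expiry is not modelled.

```python
import itertools
import secrets
import zlib


class Backend:
    """One SSL-terminating server with its own, unshared session cache."""

    def __init__(self, name):
        self.name = name
        self.cache = set()          # session IDs this server issued
        self.full_handshakes = 0
        self.resumed = 0

    def handshake(self, offered_id):
        """Return (session_id, resumed) the way a server answers a ClientHello."""
        if offered_id is not None and offered_id in self.cache:
            self.resumed += 1
            return offered_id, True           # abbreviated handshake
        new_id = secrets.token_hex(16)        # unknown ID: issue a fresh one
        self.cache.add(new_id)
        self.full_handshakes += 1
        return new_id, False                  # full key exchange


class Client:
    """Client that remembers only the most recent session ID, per host."""

    def __init__(self, ip):
        self.ip = ip
        self.session_id = None


def round_robin(backends):
    """Balancer policy: every new connection goes to the next backend."""
    cycle = itertools.cycle(backends)
    return lambda client: next(cycle)


def sticky_by_source_ip(backends):
    """Balancer policy: a given client IP always reaches the same backend."""
    return lambda client: backends[zlib.crc32(client.ip.encode()) % len(backends)]


def run(policy_factory, n_backends=3, n_clients=4, requests_per_client=10):
    """Simulate the connections and return (full_handshakes, resumed)."""
    backends = [Backend(f"srv{i}") for i in range(n_backends)]
    pick = policy_factory(backends)
    clients = [Client(f"10.0.0.{i + 1}") for i in range(n_clients)]  # constructed IPs
    for _ in range(requests_per_client):
        for client in clients:
            backend = pick(client)
            client.session_id, _ = backend.handshake(client.session_id)
    full = sum(b.full_handshakes for b in backends)
    resumed = sum(b.resumed for b in backends)
    return full, resumed


if __name__ == "__main__":
    for label, policy in (("round robin", round_robin),
                          ("sticky by source IP", sticky_by_source_ip)):
        full, resumed = run(policy)
        print(f"{label:20s} full={full:3d} resumed={resumed:3d}")
```

With rotation the client always offers an ID issued by a different backend, so every connection pays for a full handshake; with pinning only the first connection per client does.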
Similar Messages
-
Persistent HTTPS/SSL connections
Dear all,
Does anybody know how to make an HTTPS/SSL connection persistent?
We need to make multiple HTTPS requests to a server and we found that most of the time it gets a new SSL session ID and does all the master-secret processing whenever it gets the new session ID.
I have seen (with -Djavax.net.debug=ssl option) that the JSSE tries to resume, but the server sends a new session ID. Do I need to set/force anything from my side?
Thanks in advance for the answer!
Vijay
We have solved the problem!
For those who wish to know what happened
I have done some debugging with the JRE option -Djavax.net.debug=ssl and I could see the JSSE libraries (1.0.2, with JDK 1.3.1) trying to resume the session with the SSL session ID which it got from previous communication; however, the server gave a new session ID back and it had to do all the computations for the secret exchanges from scratch.
Then we found the load balancer transfers each request to different servers, causing the creation of new session IDs. The problem was solved after making our requests "sticky" to the load balancer and the SSL accelerator.
-
ERROR http: 5: Unable to initialize ssl connection with server, aborting co
HI EXPERTS,
One of my databases gives me the error below when I start its dbconsole, and after the failure it gives me this message:
TZ set to Asia/Karachi
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
https://test:5500/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control ..............................................................
........ failed.
Logs are generated in directory /u01/oracle/product/10.2/cnichol_cpuplt/sysman/log
and in the trace file named "emdctl.trc" the error below is logged.
ERROR http: 5: Unable to initialize ssl connection with server, aborting connection attempt
ERROR ssl: nzos_Handshake failed, ret=29024
and the trace file named "emagent.trc" gives the error below
2010-10-04 19:12:25 Thread-88238992 ERROR http: 11: Unable to initialize ssl connection with server, aborting connection attempt
2010-10-04 19:12:25 Thread-88238992 ERROR pingManager: nmepm_pingReposURL: Cannot connect to https://test:5500/em/upload/: retStatus=-1
2010-10-04 19:12:38 Thread-88238992 ERROR upload: Error in uploadXMLFiles. Trying again in 300.00 seconds.
dbconsole URL is
https://test:5500/em/console/aboutApplication
Operating system is Redhat linux AS 5.3
What is the possible cause of this failure? Can anyone guide me?
Thanks in advance
regards,
Edited by: AMIABU on Oct 4, 2010 7:28 AM
oracle@bcm-laptop:~$ emctl
Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Oracle Enterprise Manager 10g Database Control commands:
emctl start | stop dbconsole
emctl status | secure | setpasswd dbconsole
emctl config dbconsole -heap_size <size_value> -max_perm_size <size_value>
emctl status agent
emctl status agent -secure [-omsurl <http://<oms-hostname>:<oms-unsecure-port>/em/*>]
emctl getversion
emctl reload | upload | clearstate | getversion agent
emctl reload agent dynamicproperties [<Target_name>:<Target_Type>]....
emctl config agent <options>
emctl config agent updateTZ
emctl config agent getTZ
emctl resetTZ agent
emctl config agent credentials [<Target_name>[:<Target_Type>]]
emctl gensudoprops
emctl clearsudoprops
Blackout Usage :
emctl start blackout <Blackoutname> [-nodeLevel] [<Target_name>[:<Target_Type>]].... [-d <Duration>]
emctl stop blackout <Blackoutname>
emctl status blackout [<Target_name>[:<Target_Type>]]....
The following are valid options for blackouts
<Target_name:Target_type> defaults to local node target if not specified.
If -nodeLevel is specified after <Blackoutname>,the blackout will be applied to all targets and any target list that follows will be ignored.
Duration is specified in [days] hh:mm
emctl getemhome
emctl ilint
Em Key Commands Usage :
emctl config emkey -emkeyfile <emkey.ora path> [-force] [-sysman_pwd <sysman password>]
emctl config emkey -emkey [-emkeyfile <emkey.ora path>] [-force] [-sysman_pwd <sysman password>]
emctl config emkey -repos [-emkeyfile <emkey.ora path>] [-force] [-sysman_pwd <sysman password>]
emctl config emkey -remove_from_repos [-sysman_pwd <sysman password>]
emctl config emkey -copy_to_repos [-sysman_pwd <sysman password>]
emctl status emkey [-sysman_pwd <sysman password>]
Secure DBConsole Usage :
emctl secure dbconsole -sysman_pwd <sysman password> [-passwd_file <abs file loc>]
[-host <slb hostname>] [-sid <service name>] [-reset] [-secure_port <secure_port>]
[-root_dc <root_dc>] [-root_country <root_country>] [-root_state <root_state>] [-root_loc <root_loc>]
[-root_org <root_org>] [-root_unit <root_unit>] [-root_email <root_email>]
[-wallet <wallet loc>] [-wallet_pwd <wallet pwd>] [-trust_certs_loc <certs loc>]
emctl secure status dbconsole
Register Targettype Usage :
emctl register oms targettype [-o <Output filename>] <XML filename> <rep user> <rep passwd> <rep host> <rep port> <rep sid> OR
emctl register oms targettype [-o <Output filename>] <XML filename> <rep user> <rep passwd> <rep connect descriptor> -
SSL Connection Configuration between Apache and Weblogic 8.1
I'm currently using Apache web server as a front end server for Weblogic server 8.1 and now I'm facing some configuration problems setting up the SSL connection between these 2 servers. When I open my web application page, it shows
Failure of Server Apache bridge
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
and my proxy.log shows:
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
Thu Nov 03 09:36:41 2011 <182413202842013> attempt #0 out of a max of 5
Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 790 of ../nsapi/URL.cpp]: at line 3078
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Can anyone tell me what I should do in order to correct this error? Your help is kindly appreciated!!! Please~
1) Is the managed server up?
2) From the Apache server, are you able to bind the managed server port?
3) Can you pls send the weblogic ssl configuration?
-
How to use a key file in the FTP Task using an SSL connection
In the past I have used this code to set the FTP password in an FTP component task in SSIS.
Does anyone know how to use a Key file in an SSL connection to download a file from an FTP site? If not, can you tell me where I can get the C# code examples to learn how to create a script task or if there is another way in SSIS to download large files from an SSL FTP site? Thank you for any help offered.
public void Main()
{
    // Look up the FTP connection manager defined in the package
    ConnectionManager FTPConn;
    FTPConn = Dts.Connections["FTPServer"];
    // Set the password at run time from a package variable
    FTPConn.Properties["ServerPassword"].SetValue(FTPConn, Dts.Variables["FTPPassword"].Value);
    Dts.TaskResult = (int)ScriptResults.Success;
}
Antonio
You can use SFTP for this.
This is a way of implementing SFTP in SSIS using standard tasks
http://visakhm.blogspot.in/2012/12/implementing-dynamic-secure-ftp-process.html
also see
http://blog.goanywheremft.com/2011/10/20/sftp-ftps-secure-ftp-transfers/
Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs -
Hi,
I am trying to fetch report using bing API and making a SOAP call for fetching the data. I get the following error:
[Warning] fopen(): SSL: Connection reset by peer [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
02-04-2015 10:17:41 (BST) : [Warning] fopen(): Failed to enable crypto [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
02-04-2015 10:17:41 (BST) : [Warning] fopen(https://download.api.bingads.microsoft.com/ReportDownload/Download.aspx?q=rzr63XFt5qJduddohoIRyOYAP%2f1%2ftsnhk8L%2bzBmUpdU2CQlcUB98RpY%2bbOaLFFGMqAC4IUUadC%2fNdNnJqeVCY%2f%2bpy6noVsVA%2fMJp47a3Xb1VjABfKhcdKy6vqpgEdcQg%2fQZ7QcEpZ3bEloJjUtGpDquFk53BnkeHEPVWZkDYcsQegRz%2fpG4t4w6gKCCRmhArd6osr6ZU9CMJ3lbxtGXjcQEMPvP2apNyr9P%2fc8niyfWA2aBcm1aEmOLX2KL3aRJ4rz9N7gG7uBslVZH%2b4rUjHdB7CMkbb%2fHyHwvPTqGPbPCHnicefr%2b%2fDP70hlkBEGfyOOswK67%2bl1zh7CyIv%2bcMlaDsuDX1HeFf4uORfD41H1z7):
failed to open stream: operation failed [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
Whenever I execute my script. Can you please let me know what we can do to solve this issue. The version of PHP we are using is 5.3.3 with open ssl.
Hi Shobha,
I can't confirm what version of PHP you are using, but to err on the side of caution please use the version specified in the sample/SDK:
PHP 5.4.14 has been installed from PHP.
Here are our code examples:
https://msdn.microsoft.com/en-US/library/bing-ads-overview-getting-started-php-with-web-services.aspx
Thanks,
Itai -
FTP/SSL Connection Problem for FTP Receiver Adapter
Hello All,
We are trying to establish an FTPS/SSL connection with one of our customers from our XI (Unix) system, and are receiving the following error:
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
Communication Channel Parameters:
Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
Data Connection: Passive
Port: 10021
Keystore: service_ssl
X.509 Certificate & Private Key: ssl-credentials
Note: Initial handshaking occurs but connection is being dropped by the third party FTP Server when SSL certificate credentials are being validated. We also tried connecting to the third party FTPS server using standard FTPS client(FileZilla software), this connection gets established successfully with no certificate issues which means certificate and third party FTP Server is functioning correctly.
We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
Your help and suggestions will be greatly appreciated.
Thanks and Best Regards
Prashant Rajani
Hello All,
Further in order to test connection set up and communication channel configuration we tried simulating the FTP connection locally by configuring FTP Server using FileZilla at a local machine and accessed it from Client's XI Server.
This set up simulates the problem we encounter with our customer's FTP Server.
If connection security parameter in communication channel for Sender FTP Adapter is set to "FTPs( FTP Using SSL/TLS) with Control Connection" only, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to "FTPs( FTP Using SSL/TLS) with Control and Data Connection", we receive error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and file gets created at the FTP Server but its empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
This is what the FTP (FileZilla) sees when the XI system attempts to set-up a fully encrypted data (FTPS) connection i.e., connection security parameter value as "FTPs( FTP Using SSL/TLS) with Control and Data Connection" :-
- (not logged in) (10.18.106.34)> Connected, sending welcome message...
- (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
- (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
- (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
- (not logged in) (10.18.106.34)> AUTH TLS
- (not logged in) (10.18.106.34)> 234 Using authentication type TLS
- (not logged in) (10.18.106.34)> SSL connection established
- (not logged in) (10.18.106.34)> USER test
- (not logged in) (10.18.106.34)> 331 Password required for test
- (not logged in) (10.18.106.34)> PASS ***********
- test (10.18.106.34)> 230 Logged on
- test (10.18.106.34)> PBSZ 0
- test (10.18.106.34)> 200 PBSZ=0
- test (10.18.106.34)> PROT P
- test (10.18.106.34)> 200 Protection level set to P
- test (10.18.106.34)> SYST
- test (10.18.106.34)> 215 UNIX emulated by FileZilla
- test (10.18.106.34)> PWD
- test (10.18.106.34)> 257 "/" is current directory.
- test (10.18.106.34)> CWD /payment/
- test (10.18.106.34)> 250 CWD successful. "/payment" is current directory.
- test (10.18.106.34)> TYPE I
- test (10.18.106.34)> 200 Type set to I
- test (10.18.106.34)> PASV
- test (10.18.106.34)> 227 Entering Passive Mode (10,27,7,103,15,63)
- test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
- test (10.18.106.34)> 150 Connection accepted
- test (10.18.106.34)> Data connection SSL warning: SSL3 alert read: fatal: bad certificate
- test (10.18.106.34)> Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A
- test (10.18.106.34)> Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
- test (10.18.106.34)> Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
- test (10.18.106.34)> 426 Connection closed; transfer aborted.
- test (10.18.106.34)> QUIT
- test (10.18.106.34)> 221 Goodbye
- test (10.18.106.34)> SSL connection established
Please suggest your valuable inputs if we are missing out something. Any helpful inputs in this regard are highly appreciated.
Thanks and Best Regards
Prashant -
Testing SSL Connections, differences between ABAP and JAVA stacks
Hello,
I am trying to test an outbound SSL connection to a partner. I already have multiple outbound connections to many partners, but this new one is causing an issue. Our firewalls between the two sites are opened as required, I verified that I can telnet to the 443 port of their server. I then attempted to connect to their URL, via a Java SOAP message, and it is rejected. Some kind of error regarding our handshake.
In an attempt to troubleshoot the issue I entered their URL in SM59 as a HTTPS connection, tested it, it worked fine. Which indicates to me that the ABAP side works fine.
I do the same on the Java stack, via the SOA Manager: Destinations, and it fails.
"Error during ping operation: Error while silently connecting org.w3c.www.protocol.http.Http.Eception: Peer sent alert: Alert Fatal: unexpected message"
I was thinking that maybe the remote partner only allows specific types of SSL version connection, and the Java side is too low. i.e. the partner only allows TLS v1, and we are attempting to use SSL v2. Is there a place to set this on the Java side? I know I can set inbound parameters on ICM via SMICM.
Any help or assistance would be most appreciated.
Thanks,
Michael Montone
Hi,
I suggest that you verify if you use the same release of the SAP Cryptolib for the ABAP and the Java stack.
This could explain a difference of support for SSL or TLS.
Regards,
Olivier -
Got problem when using SSL connection when using my own web server
hi all,
I need to create an SSL connection to a website. I'm using Java 5, so I just use the following code:
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;

public class URLReader {
    public static void main(String[] args) throws Exception {
        // Route HTTPS requests through the proxy
        System.setProperty("https.proxyHost", "90.0.0.122");
        System.setProperty("https.proxyPort", "3128");
        URL verisign = new URL("https://www.verisign.com");
        //URL verisign = new URL("https://localhost");
        //URL verisign = new URL("https://90.0.0.30");
        BufferedReader in = new BufferedReader(
            new InputStreamReader(
                verisign.openStream()));
        String inputLine;
        while ((inputLine = in.readLine()) != null)
            System.out.println(inputLine);
        in.close();
    }
}
Here when I run the program with arg https://www.verisign.com it works fine; when I replace it with https://localhost it shows the following error
Exception in thread "main" java.io.IOException: HTTPS hostname wrong: should be <localhost>
at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at java.net.URL.openStream(URL.java:1007)
at URLReader.main(URLReader.java:93)
I don't know why this is happening. Can anyone please help me solve the problem?
Hi all,
I found a solution in the post
http://forum.java.sun.com/thread.jspa?threadID=521779&start=0
Thanks -
Receiver HTTP(S) connection
Scenario: IDOC-XI-HTTP(S)
Can I do an HTTP(S) connection with a Receiver comm channel? I want to do a secured HTTP post to the 3rd party. But when I try to create a 'Receiver' Comm channel, I only see Transport protocol of HTTP 1.0 and there is no option for selecting HTTP(S).
But will it be a secured connection If:
1> If I specify https://ww/test.com/testpath or
2> Create a RFC destination to above URL of type 'G'(HTTP to external server) and specify HTTPS option in 'Special tab' and choose SSL option. Then Specify this destination in the comm channel.
Will any of the above options work?
OR is simple HTTPS NOT supported for making a post to an external server from XI?
-Thanks
Bhaven
Hi,
This might help you
HTTP adapter
HTTP Adapter
/people/kausik.medavarapu/blog/2005/12/29/csv-file-lookup-with-http-request-and-response-in-xi
/people/siva.maranani/blog/2005/09/15/push-data-to-mvc-architectured-application-using-xi
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/64dbb0af9f30b4e10000000a11466f/frameset.htm
Regards
Agasthuri Doss -
SSL connection, KeyManager and TrustManager
Hello everyone,
I am trying to establish an SSL connection to an OC4J Server. The server is correctly configured, as the communications using Internet Explorer go well.
I am using JDK 1.3.1_06 with JSSE 1.0.3 and OC4J 9.0.3.
But now I have a stand-alone java program that sends SOAP messages to the ssl port in the server using JAXM. When I send the message, I received the following exception:
javax.net.ssl.SSLException: untrusted server cert chain
The next thing I tried was to connect using a socket to test the handshaking. I received the same exception.
I am using a KeyStore dynamically generated with the PKCS12 certificate of the client that is requesting the service, and a TrustStore dynamically generated with the CA certificate for both the client and the server. I also tried to use the default cacerts file with this certificate imported in.
The KeyManager is initialized in this way:
----- KeyManager start -----
java.security.KeyStore ks = java.security.KeyStore.getInstance
("pkcs12", "SunJSSE");
ks.load(new FileInputStream(file),pass.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance ("SunX509", "SunJSSE");
kmf.init(ks, pass.toCharArray());
KeyManager[] km = (KeyManager[])kmf.getKeyManagers();
----- KeyManager end -----
The TrustManager is initialized in this way:
----- TrustManager start -----
FileInputStream fis = new FileInputStream(file);
java.io.DataInputStream dis = new java.io.DataInputStream(fis);
byte[] bytes = new byte[dis.available()];
dis.readFully(bytes);
java.io.ByteArrayInputStream bais =
new java.io.ByteArrayInputStream(bytes);
java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
java.security.cert.X509Certificate caCert =
(java.security.cert.X509Certificate)
cf.generateCertificate(bais);
java.security.KeyStore ksCA =
java.security.KeyStore.getInstance("pkcs12", "SunJSSE");
ksCA.load(null, null);
ksCA.setCertificateEntry("trustedCA", caCert);
TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509", "SunJSSE");
tmf.init(ksCA);
TrustManager[] tm = (TrustManager[])tmf.getTrustManagers();
----- TrustManager end -----
And finally, this is the way I create the ssl connection:
----- main start -----
// loads the jsse provider
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
java.security.Security.addProvider(
new com.sun.net.ssl.internal.ssl.Provider());
// keymanager
com.sun.net.ssl.KeyManager[] km = getKeyManager(args[0], args[1]);
// trustmanager
com.sun.net.ssl.TrustManager[] tm = getTrustManager(args[2]);
// ssl context configuration
com.sun.net.ssl.SSLContext ctx =
com.sun.net.ssl.SSLContext.getInstance("SSL");
ctx.init(km, tm, null);
com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
ctx.getSocketFactory());
// url
URL url = new URL(
"https", my_ip,
my_port, a_page,
new com.sun.net.ssl.internal.www.protocol.https.Handler());
// connection
com.sun.net.ssl.HttpsURLConnection conn =
(com.sun.net.ssl.HttpsURLConnection)url.openConnection();
conn.connect();
----- main end -----
This is the full exception trace:
javax.net.ssl.SSLException: untrusted server cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:56)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(DashoA6275)
at pruebas.SSLClient.main(SSLClient.java)
Does anyone have some idea of what is happening? Thanks in advance,
Jorge Hidalgo
hi
How is your client, i.e. the standalone application (SOAP client), getting the server certificates? If the client doesn't get the server certificate and vice versa then you will get this exception.
check on both side.
pras -
Dual Monitors functionality with SSL connections?
Hi, I'm configuring a new ASA5510 w/ SSL licensing and a coworker asked me some questions on functionality of remote access. I'm new to the ASA device and have never configured one before.
Both of these questions are assuming the user is at home and using their personal computer (not a laptop or work computer). If a user successfully creates a SSL connection, I understand it's basically like a remote desktop session to that particular user's desktop.
Q1: If the work computer is running dual LCD screens, are there any remote desktop options that will allow the home user to do the same or even to switch? Can those settings be saved as if it was a profile?
Q2: Same situation only the home user would like to print to his personal printer at home.
Thanks
Thanks for the responses Farrukh. I'm reading the config example now.
I'm trying to visualize the step by step process the end user would go through in order to remotely connect.
With my previous employer, I've used and I'm most familiar with using the ipsec VPN Client. Now, with my new employer I'm tasked with setting up a remote access solution using SSL.
The new company uses a Sonicwall solution that works like this:
1. https://vpngateway
2. user authentication with AD login
3. CompanyName Virtual Office
4. there is a pre-configured bookmark (remote access) for only that particular end user's desktop (forces static ip address)
5. WinXP login prompt
6. connection completed to end user's desktop with the normal group policies applied
I've never seen/used a remote access solution like this and was wondering if Cisco's clientless SSL works the same. -
Create outgoing SSL connections in WebLogic 4.5.1 using JSSE
Hi,
Does anyone know how to create outgoing SSL connections from a WLS 4.5.1 using
JSSE.
I've implemented an application using JSSE for POSTing data to an HTTPS server
that requires client authentication and it worked fine. But when used inside the
WebLogic server it doesn't work, because the WLS SSL classes are used instead
of the JSSE ones. It returns a "java.io.IOException: Alert: fatal handshake_failure".
If the ssl.enable property is set to false probably it will work, but I need it
set to true. Does anyone know a way to solve this problem?
Thanks in advance.
Hi,
I also need to do the same in weblogic 5.1 (sp8). I know
it is not possible with JSSE, but how do I achieve with
weblogic implementation of Https? I am getting "Non
supported cipher requested" error. How do I remove this message. It will be
of great help if someone can list
down the configuration step in weblogic. I am trying
to find it in weblogic documentation but no success so far.
Thanks in advance for your help!
- Rishi
"Jerry" <[email protected]> wrote in message
news:[email protected]..
Hi Nuno,
I don't think that you can use JSSE to make outgoing SSL connections in WLS 4.5.1 because
of the many conflicts between JSSE and the WLS SSL classes
In versions of 5.1 (such as sp9 and up), and also 6.0 and 6.1, BEA got rid of these
conflicts to make the use of JSSE possible with WebLogic to do outgoing SSL.
In 4.5.1, I believe you are out of luck.
Joe Jerry
Nuno Carvalho wrote:
Hi,
Does anyone know how to create outgoing SSL connections from a WLS 4.5.1
using
JSSE.
I've implemented an application using JSSE for POSTing data to an HTTPS server
that requires client authentication and it worked fine. But when used inside the
WebLogic server it doesn't work, because the WLS SSL classes are used instead
of the JSSE ones. It returns a "java.io.IOException: Alert: fatal handshake_failure".
If the ssl.enable property is set to false probably it will work, but I need it
set to true. Does anyone know a way to solve this problem?
Thanks in advance. -
Could not initiate SSL connection when DS is launched from Eclipse
Hello,
I am wondering whether anyone has faced this issue connecting to the BIP with https when Design Studio is launched from the Eclipse IDE.
The URL is something like : https://myservername.domain.net/dswsbobje/services/Session
We get the following error message when entering the URL : "Could not initiate SSL connection. Check the Web Service Url"
However, when Design Studio is launched directly, the same URL works fine and we can connect to the BIP normally.
I would imagine something is missing in the Eclipse configuration or there is an issue elsewhere. I did not find anything relevant in the SDK guide.
We checked the following SAP notes :
1807142 - How to enable HTTPS/SSL Designer against BIP
-> Web service configured properly, the URL works fine and it works when Design Studio is started without Eclipse
1975475 - Unable to select authentication method in BIP logon dialog of SAP Design Studio
Tried the solution : set to Direct. Tried to remove proxy entries in IE. No improvement. Also, I tried to set the connectivity to Direct in the Eclipse. But, no luck.
Software :
Design Studio 1.2 SP01 + SDK 1.2 SP01
BI 4.0 SP06
Java EE IDE (Kepler) Version: 2.0.1.20130919-0803
Java JRE 1.6.0.35. It's old, I know...
Thanks in advance.
Joel
Hi Joel,
any progress?
do you use a self-signed certificate?
Kind regards
Frank
-
Windows Server 2003 and problem with SSL connection (TLS)
Hi,
We are facing a problem with SSL/TLS connections on a Windows Server 2003 SP2 machine.
We spent hours trying to solve it without any result.
SYMPTOMS
No SSL connection can be established in any application since last year, e.g.:
we cannot do any windows update, because there is a time verification over SSL on the windows update website (there is an error that the time is incorrect while it is up-to-date)
we cannot open any website in Internet Explorer over https
when we try to connect to the SQL Server (database SQL 2008 hosted on the same server) with Management Studio it fails with an error: "A connection was successfully established with the server, but then an error occurred during the pre-login handshake.(provider: SSL Provider, error: 0 - Could not contact LSA)(Microsoft SQL Server)"
in custom applications which send requests over https we receive an error: "Could not establish trust relationship for SSL/TLS secure channel"
Everything seems to point at some SSL problem somewhere deep inside Windows.
We installed several patches, but without any result.
Can anybody help?
Regards,
Dawid
Hi, thanks for the answers,
- In IE both SSL2.0 and TLS1.0 are checked. We tried to disable TLS1.0 - with no results.
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel both SSL2.0 and TLS1.0 are enabled. We also tried to disable TLS1.0 on the Client side - with no results.
- In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL EventLogging is set to 3, so it should log warnings and errors. But we cannot find any related logs in EventLog.
Unfortunately we are still in the same place.