POP over SSL in Messaging 5.2

I'm running Messaging 5.2, build 2002.51.1611 (iPlanet Messaging Server 5.2 HotFix 2.08 (built Sep 22 2005)) and would like to see if I can enable POP over SSL on that host.
According to BugID, 4712887 pop over SSL works. When I follow the instructions in that document, I get the following errors:
./configutil -o service.pop.enablesslport -v 1
General Error: func=configmsg_setkeys; func=psetSetAttrList; error=Attribute does not exist
NO Unable to set option(service.pop.enablesslport)
./configutil -o service.pop.sslport -v 995
[18/Nov/2005:18:34:45 +0000] mocbox5 [16332]: General Error: func=configmsg_setkeys; func=psetSetAttrList; error=Attribute does not exist
NO Unable to set option(service.pop.sslport)
service.pop.sslusessl is set to "yes"
Is this wrong? Does POPS only run on Sun Java Enterprise Messaging (6.x)?
Thanks,
Don Holtzer

try using the -l with your configutil setting
configutil -o -l service.pop.enablesslport -v yes
etc.

Similar Messages

Configuring IMAP - POP - SMTP over SSL

Hi,
I have configured SSL for webserver. I have copied same cert database (cert8.db and key3.db) in the config directory of messaging server. Changed the ownership of database to messaging server user. Password file is updated. I am able to see the certficate (./msgcert list-certs and ./msgcert show-cert cert1).
SSL is enabled for IMAP and POP.
# ./getconf | grep ssl
service.imap.enablesslport = 1
service.imap.sslcachesize = 0
service.imap.sslport = 993
service.imap.sslusessl = yes
service.pop.enablesslport = 1
service.pop.sslcachesize = 0
service.pop.sslport = 995
service.pop.sslusessl = yes
I am not able to connect to 993 and 995 port.
bash-3.00# telnet mail1 995
Trying 10.77.33.135...
telnet: Unable to connect to remote host: Connection refused
bash-3.00# telnet mail1 993
Trying 10.77.33.135...
telnet: Unable to connect to remote host: Connection refused
Am I missing any step? How do I use IMAP / POP over ssl?
Thanks and Regards,
Shashank

for a simple ssl client, use openssl:
openssl s_client -connect imap.gmail.com:993provides the following output:
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
Server certificate
-----BEGIN CERTIFICATE-----
MIIDYzCCAsygAwIBAgIQCtN0WxFVbbMJoG3rDFxPezANBgkqhkiG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tMB4XDTA4MDQyOTAwMTEwOVoXDTA5MDQyOTAwMTEwOVow
aDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v
dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxFzAVBgNVBAMTDmltYXAu
Z21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFMvRc3adE9FQT
U957F6ogQjmQRg6PGKSg79ECfMsDu/Rjrx2mFDmdScPLdHJxMgwfSrKGC/+R0OEf
FLDCXsNng6lwrCGL1xQXwNF1mfbzQZTa01HkiGQKcv6e93jZ1FTLHTak1eja6SA+
62IW+CSxyUGyue56quHza6zec2bhZQIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRo
YXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAyBggrBgEFBQcBAQQm
MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/
BAIwADANBgkqhkiG9w0BAQUFAAOBgQBycxu3lqcaaIly9avL8Xw80+SFeWVJCUdO
A2n2Y12OcKYeYCXuMJiHREpg+u8rjnUoDccdt7bhYq3sdhYARxtD47VjsqdpxnN0
9ERig/Dc0vRHGdBaxJX9OfDzpJjXdcTmMfN4xfbshJr6hlsfnQ5fzw1Fk7ya4PzD
PaGdeSi00w==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
No client certificate CA names sent
SSL handshake has read 1017 bytes and written 324 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 86F8C5265F6EE4524797F2139851376D20D702BB9EFFB78C5CD35999DE3B4C7A
    Session-ID-ctx:
    Master-Key: EA5857BBF58622793961B6CFEE448D079E249AF36171532F40C46C2E3887E08ACFBAC823D2186231D228ECB726140718
    Key-Arg   : None
    Start Time: 1213099885
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---It helps you figure out if you configured your servers correctly. It shows the cert chain sent by server, negotiated cipher suite, and whether any client-auth DNs were sent.

Messages in Pop-over Message Area

Hi,
I have a Pop-over where I have defined a Message Area.
But whenever I try to show a message in the Pop-over's Message Area, the message gets displayed in the Message Area of the View from where this pop-over is invoked.
Please let me know how to fix this.
Regards,
Sherfu

Hi,
Try this threads,
WDA MessageArea
MessageArea
MessageArea in popup
Regards,
Saravanan K

Connecting to a remote OpenLDAP server over SSL.

I've been trying for several weeks now to get a remote OpenLDAP server up and running; configured in such a way that it only allows SSL and requires certificate validation.
I've created a CA with a self-signed certificate.
I used that CA to create a server and client certificate.
The server certificate is in /etc/ssl/certs, has a link by the name of its hash.0 pointing to it; permissions are all correct and /etc/ssl/slapd.conf point to it and the CA certificate.
The client certificate is on my MacBook Pro in /etc/ssl/certs along with the CA certificate; each of which also has its hash linked to it. /etc/ssl/ldap.conf is set up properly, the permissions are correct, and the following test command ran as my user produces a successful result:
ldapsearch -v -x -H ldaps://ldap.foo.org -b "dc=foo,dc=org" -d -1
Now the problem part. I open Directory Utility; go to Services with Advanced Settings enabled. After unlocking it, I click the LDAPv3 and the pencil icon.
I hit New... in the window that pops up and use ldap.foo.org as servername, SSL box ticked. I hit Continue, and behold; nothing happens.
It is to say; Directory Utility hangs for a while; after which it goes back to the box I clicked Continue in without any error or warning popping up; but obviously hasn't advanced.
The server logs indicate my Mac had actually connected; received the server certificate; but didn't send a client certificate at which point the TLS connection got aborted for some reason and the session ended.
My Mac Console shows something even more bizare, though:
11/09/08 23:09:22 com.apple.DirectoryServices[97123] Assertion failed: (ld != NULL), function ldapsearchext, file search.c, line 76.
My suspicion is that Directory Utility can't verify the server certificate and aborts the TLS connection. I expect it also uses /etc/openldap/ldap.conf? How can I diagnose the root of this problem?
Thanks a lot for your assistance; I just can't figure this out and any hint or pointer would be greatly appreciated. It now just looks like OSX does not support a secure LDAP over SSL configuration.
Though it currently isn't set up to be that way, I'd like to have my client also provide a certificate (CN=lhunath.foo.org) and have the server validate that. For now I've got the server set to:
TLSVerifyClient never
(And of course, the client:)
TLS_REQCERT demand
Message was edited by: lhunath

By the way; about the assertion error I get in Console; here's the relevant source of ldap.c. Looks like ld is not set; probably something going wrong before that with setting up the TLS connection, perhaps? Or not?
* ldapsearchext - initiate an ldap search operation.
* Parameters:
* ld LDAP descriptor
int
ldapsearchext(
LDAP *ld,
assert( ld != NULL );

How to set up iPhone 5 iOS 6 email with IMAP over SSL on a custom port?

Basically I have the same problem as this guy 5 years ago but the thread contained no useful answer. Maybe there are people out there who became smarter in the meantime? Please help me out how to get my iPhone read emails via IMAP over SSL on a custom port to the corporate server. The issue is that the iPhone only seems to work if you use the standard 993 port for IMAPS, not with a custom port as we have. I've installed the corporate root certificate in a profile, and it shows up as trusted and verified in the phone, so that should not be the issue. The mail app in the iPhone tries to connect, I can verify that from the server, but then does nothing, doesn't try to authenticate, doesn't log out, nothing is going on, and then drops the connection after 60 seconds. Repeats this every 5 minutes (as set to fetch e-mail every 5 minutes.)
Original thread 5 years ago: https://discussions.apple.com/message/8104869#8104869

Solved it by some (a lot) of fiddling.
Turns out it's not a bug in the iPhone, it's a feature.
Here's how to make it work.
DOVECOT
If the IMAPS port is anything other than 933 (the traditional IMAPS port) the iPhone's Mail App takes the "Use SSL" setting on the IMAP server as 'TLS', meaning it starts the communication in plain text and then issues (tries to issue) the STARTTLS command to switch the connection to encrypted. If, however, Dovecot is set up to start right away in encrypted mode, the two cannot talk to each other. For whatever reason neither the server nor the client realizes the connection is broken and only a timeout ends their misery.
More explanation about SSL/TLS in the Dovecot wiki: http://wiki2.dovecot.org/SSL
So to make this work, you have to set Dovecot the following way. (Fyi, I run Dovecot 2.0.19, versions 1.* have a somewhat different config parameters list.)
1. In the /etc/dovecot/conf.d/10-master.conf file make sure you specify the inet_listener imap and disable (set its port to 0) for imaps like this:
service imap-login {
inet_listener imap {
    port = --your port # here--
inet_listener imaps {
    port = 0
    ssl = yes
This of course enables unencrypted imap for all hackers of the universe so you quickly need to also do the things below.
2. In the /etc/dovecot/conf.d/10-ssl.conf file, make sure you set (uncomment) the following:
ssl = required
This sets Dovecot to only serve content to the client after a STARTTLS command was issued and the connection is already encrypted.
3. In /etc/dovecot/conf.d/10-auth.conf set
disable_plaintext_auth = yes
This prevents plain text password authentication before encryption (TLS) is turned on. If you have also set ssl=required as per step 2, that will prevent all other kinds of authentications too on an unencrypted connection.
When debugging this, please note that if you connect from localhost (the same machine the server runs on) disable_plaintext_auth=yes has no effect, as localhost is considered secure. You have to connect from a remote machine to make sure plain text authentication is disabled.
Don't forget service dovecot restart.
To test if your setup works as it's supposed to, issue the following (green) from a remote machine (not localhost) (I'm using Ubuntu, but telnet and openssl is available for almost all platforms) and make sure Dovecot responds with something like below (purple):
telnet your.host.name.here yourimapsportnumber
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
Most importantly, make sure you see 'STARTTLS' and 'LOGINDISABLED'. Then issue STARTTLS and hopefully you see something like this:
a STARTTLS
a OK Begin TLS negotiation now.
(The 'a' in front of STARTTLS is not a typo, a prefix is required by the IMAP server in front of all commands.)
Close the telnet (with 'a logout' or Ctrl+C) and you can use openssl to further investigate as you would otherwise; at the end of a lot of output including the certificate chain you should see a line similar to the one below:
openssl s_client -starttls imap -connect your.domain.name.here:yourimapsportnumber
. OK Pre-login capabilities listed, post-login capabilities have more.
You can then use the capability command to look for what authentication methods are available, if you see AUTH=PLAIN, you can then issue a login command (it's already under an encrypted connection), and if it's successful ("a OK Logged in"), then most likely your iPhone will be able to connect to Dovecot as well.
a capability
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
a login username password
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
a OK Logged in
POSTFIX
Likewise, you have to set Postfix to wait for STARTTLS before encrypting the communication.
1. You have to delete the setting smtpd_tls_wrappermode=yes from /etc/postfix/master.cf and/or /etc/postfix/main.cf, if it was enabled. This will mean Outlook won't be able to connect any more because it requires a TSL connection without issuing STARTTLS as per Postfix documentation (haven't tested.) In my case we don't use Outlook so I didn't care. Outlook + iPhone + custom SMTPS port are simply not possible together at the same time as far as I understand. Pick one to sacrifice.
2. Require encrypted (TLS) mode for any data transfer in /etc/postfix/main.cf:
smtpd_tls_security_level = encrypt
3. Authentication should only happen while already in encrypted (TLS) mode, so set in /etc/postfix/main.cf:
smtpd_tls_auth_only = yes
Don't forget postfix reload.
To test if this works, issue the following telnet and wait for the server's greeting:
telnet your.host.name.here yoursmtpsportnumber
220 your.host.name ESMTP Postfix (Ubuntu)
Then type in the EHLO and make sure the list of options contains STARTTLS and does not include an AUTH line (that would mean unencrypted authentication is available):
ehlo your.host.name.here
250-STARTTLS
Then issue starttls and wait for the server's confirmation:
starttls
220 2.0.0 Ready to start TLS
Once again, it's time to use openssl for further testing, detailed info here http://qmail.jms1.net/test-auth.shtml
CERTIFICATES
You also need to be aware that iOS is somewhat particular when it comes to certificates. First of all, you have to make sure to set the following extensions on your root certificate (probably in the [ v3_ca ] section in your /etc/ssl/openssl.cnf, depending on your openssl setup), especially the 'critical' keyword:
basicConstraints = critical,CA:true
keyUsage = critical, cRLSign, keyCertSign
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
And then on the certificate you sign for your mail server, set the following, probably in the [ usr_cert ] section of /etc/ssl/openssl.cnf:
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
subjectAltName = DNS:your.domain.name.here
issuerAltName=issuer:copy
Please note, the above are results of extensive google-ing and trial and error, so maybe you can omit some of the stuff above and it still works. When it started working for me, I stopped experimenting because figuring this all out already took way too much time. The iPhone is horribly undocumented when it comes to details of its peculiar behaviors. If you experiment more and have more accurate information, please feel free to post here as a reply to this message.
You have to import your root certificate into your iPhone embedded in a profile via the iPhone Configuration Utility (free, but only available in Windows or a Mac; details here: http://nat.guyton.net/2012/01/20/adding-trusted-root-certificate-authorities-to- ios-ipad-iphone/ ), after having first added it to Windows' certificate store as a trusted root certificate. This way the Utility will sign your certificate for the phone and it becomes usable; if you just add it from the phone it will be there but won't be used. Using a profile has the added benefit of being able to configure mail settings in it too, and that saves a lot of time when you have to install, remove, reconfigure, install again, etc. a million times until it works.
Another undocumented constraint is that the key size is limited to a max of 4096. You can actually install a root certificate with a larger key, the iPhone Configuration Utility will do that for you without a word. The only suspicious thing is that on the confirmation screen shown on your iPhone when you install the profile you don't get the text "Root Certificate/ Installing the certificate will add it to the list of trusted certificates on your iPhone" in addition to your own custom prompt set up in the iPhone Configuration Utility. The missing additional text is your sign of trouble! - but how would know that before you saw it working once? In any case, if you force the big key certificate on the device, then when you open the Mail App, it opens up and then crashes immediately. Again, without a word. Supposedly Apple implemented this limit on the request of the US Government, read more here if you're interested: http://blogs.microsoft.co.il/blogs/kamtec1/archive/2012/10/13/limitation-of-appl e-devices-iphone-ipad-etc-on-rsa-key-size-bit.aspx .
IN CLOSING...
With all this, you can read and send email from your iPhone.
Don't forget to set all your other clients (Thunderbird, Claws, etc.) to also use STARTTLS instead of SSL, otherwise they won't be able to connect after the changes above.

BAD_CERTIFICATE error calling a web service over SSL in ALSB 2.6

We have a business service on an ALSB 2.6 server (running on WL 9.2.1) that connects to a web service over SSL. When we try to run it, we get the following exception:
<Sep 17, 2009 7:49:17 AM PDT> <Error> <ALSB Kernel> <BEA-380001> <Exception on TransportManagerImpl.sendMessageToService, com.bea.
wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
com.bea.wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.bea.wli.sb.transports.TransportException.newInstance(TransportException.java:146)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOu
tboundMessageContext.java:310)
at com.bea.wli.sb.transports.http.HttpsTransportProvider.sendMessageAsync(HttpsTransportProvider.java:435)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
Truncated. see log file for complete stacktrace
This exception only occurs when hitting the web service through the bus. I have written a standalone Java application that posts to the web service and it works fine. I ran the application on the server where the ALSB is running using the same jdk (1.5.0_06 - the version that ships with 9.2.1) and the same cacerts file so I know it's not a problem with the certificate not being trusted. I have tried updating the cacerts file to the latest one distributed with JRE 1.6 and it still doesn't work.
After 8 hours of troubleshooting, I'm out of ideas. Does anyone have any suggestiosn?
Thanks.
Matt
Edited by: user6946981 on Sep 17, 2009 7:58 AM

Are you sure that your standalone application is using the same keystore (eg. cacert)? Default WebLogic configuration uses different keystore (demo).
I saw BAD_CERTIFICATE error only once and the cause was in keytool that somehow corrupted certificate during import. Deleting and importing certificate again helped me, but I doubt you have the same problem as your standalone application works.
Another idea ... Is hostname varification used? I know that the error message would look different if this was the cause, but try to add this parameter to your weblogic startup script: -Dweblogic.security.SSL.ignoreHostnameVerification=true
Last but not least, there is difference between your standalone application and ALSB runtime as WebLogic uses Certicom SSL provider. If you don't find the reason, contact Oracle support. Maybe they can help you to tweak Certicom provider in some way.

Web Service over SSL hangs if sent data size exceeds around 12Kb

Hi,
I have a Web Service running on a WebLogic Server 10.3. One of its purposes is to send and receive documents over a one-way SSL connection. The service runs fine if the documents are smaller than around 12Kb, however if its larger than that, the service simply hangs. From SSL debug information it looks like some data is sent but afterwards it simply stops. When testing the Web Service without SSL it works fine, which points to an SSL issue. Also, surprisingly, when it receives documents over the SSL, it also works fine. I assumed there is a parameter that limits the size of the POST message sent over SSL, however all the parameters that I found, that could do that, were already set to unlimited.

We ended up resolving this issue. It turned out to be something really simple. The client that was sending the soap traffic did not have the proper SSL certificate installed on the server that was generating the soap traffic.

Web Service over SSL failing in BEA Workshop

I have deployed a web service on weblogic 9.2
I have enabled one-way ssl on it. got a trial ssl certificate from verisign. installed them on the keystore/truststore on the server as well as the jre (cacerts and jssecacerts truststores) being used by the client. the client is on different machine than the server.
i have developed the service through 'bea weblogic workshop 9.2' now when i try to test the service through the 'web services explorer' within bea weblogic workshop i receive the following error:
IWAB0135E An unexpected error has occurred.
IOException
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
on server:
<Jul 13, 2009 6:45:44 PM EDT> <Warning> <Security> <BEA-090485> <CERTIFICATE_UNKNOWN alert was received from yunus.l1id.local - 10.10.2.72. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.>
if i try to access the web service (over ssl) through the browser (ie/firefox), it works fine. i have generated a proxy class to access this web service through the same bea workshop and that works fine too. certificates are identified and all. i also created a small .net (c#) application that calls this secure web service over ssl from another machine and it works fine too!
of course non-secure url for the web service is working fine in every case.
what can be the reason for this failing only in 'web services explorer' in bea workshop?
cross posted at: http://www.coderanch.com/t/453879/Web-Services/java/Web-Service-over-SSL-failing
thanks.

Hello,
I used this example, when I made my experiments with SSL and Glassfish (GF):
http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1
If you have problems with GF I suggest to post a message here:
http://forums.java.net/jive/forum.jspa?forumID=56
e.g. here is one thread:
http://forums.java.net/jive/thread.jspa?threadID=59993&tstart=0
Miro.

BizTalk Tracking Profile Editor not tracking the data and how to implement the Orchestration as wcf service over SSL

Hi Ashwinprabhu,
thank you very much for your answer.
i have one more query, I have orchestration published as wcf service in IIS and internally orchestration calling one more service , it means orchestration sending a request and getting response back from the service.
actually we are implementing the copy of that called service through biztalk orchestration for system automatic and tracking failed messages and n/w failures.
But tracking profiler not tracking the Data.
And we need to develop the http service as https(Over SSL), we implemented in iis using self
signed certificate, it is working just browser for wsdl(in browser), we are not able to test the service in wcf test client, it is giving wsdl error, in wsdl schema reference showing with HTTP only,
please help me how to resolve the issue.
Teegala

First things first, I think it's best to publish only schemas as WCF service for dependency management reasons. That said - WSDL availability is covered in the WCF adapter under the behaviors. If you're using HTTPBasic this may be hard to modify, but using
WCFCustom allows you to add the WSDL behavior and specify that it should be available via HTTPS.
As to the BAM, are you using TPE within the orchestration or at the port level? I'd imagine your TPE tracks the start and end events of your orchestration using the Orchestration Schedule. If you're fairly confident that the TPE is correct and
yet don't see BAM data 1) make sure your SQL Agent is running healthy and all jobs look OK and 2) check the TDDS tables in both the message box and the BAMPrimaryImport databases. These will show you if there has been some sort of sync issue. There's
even a TDDS errors tables - so check that out.
Kind Regards,
-Dan
If this answers your question, please Mark as Answer

I upgraded to iOS8.1.3, and now when I attempt to backup my iPad to iTunes for Windows, it keeps popping up an error message

H. I upgraded to iOS8.1.3, and now when I attempt to backup my iPad to iTunes for Windows, it keeps popping up an error message "not enough space on the computer". There is over 130Gb of space! I have updated iTunes, but no change. Is it an issue in the iOS update? Or am I doing something wrong?
Would appreciate your guidance...
<Subject Edited by Host>

When you upgraded, itunes should have put a copy of the itunes library database in a folder named *Previous iTunes Libraries* . If you upgraded itunes today it will show as
iTunes Library 2010-02-28.itl
Use these directions to get it back
http://support.apple.com/kb/TS1967
Since I am not sure of your setup, look for the "Previous" folder on both your C: and F: drives.

Connect MQ V6.0 from MQ adapter over SSL in BPEL 10g

Hi All,
I'm trying to connect to a remote MQ using MQ Adapter from my BPEL(10g) process. I'm able to deploy the process successfully after adding the jars file in server.xml.
My process is a poller one it just dequeue the message upon any message arrival.
But its not picking up the message in spite of having numerous message in queue,in log its showing ,
Failed to create QueueManager.
+[ManagedConnectionImpl] Error while creating QueueManager: "MQW1". [Caused by: CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'JAVA.BSS_VSS.CLIENT'. [3=JAVA.BSS_VSS.CLIENT]]+
Refer WebSphere MQ Reference Manual for Reason Code 2,397 and fix the cause of the error. Contact oracle support if error is not fixable.
+[Caused by: CC=2;RC=2397;AMQ9641: *Remote CipherSpec error for channel* 'JAVA.BSS_VSS.CLIENT'. [3=JAVA.BSS_VSS.CLIENT]]+
+; nested exception is:+
+ ORABPEL-12511+
I've got the SSL Cipher suite =SSL_RSA_WITH_3DES_EDE_CBC_SHA from client but don't know where to set that property.
Would anyone let me know the procedures of invoking MQ over SSL in BPEL 10g.
Thanks in Advance,
Shreekanta

I'm looking for exact property need to be set for SSL in Oracle MQ adapter.
It would be very helpful if Oracle have some standard docs.

SOAP Receiver over SSL - server certificate troubles

Hello all,
I have a scenario with SOAP receiver communication channel with comunnication over SSL. In the URL there is a IP address for a reason I will not mention ... simply there must be IP address in URL and not a host name.
When I access the SOAP server with internet browser it gives me a server certificate with HOST NAME in CN. I placed this certificate to the "trusted container" in J2EEVisAdmin - Key Storage.
Now you might already suspect the trouble: the certificate CN doesn't match with URL. This is obvios error we got many times on the internet (even in e-banking sector .. but we are able to skip it with our internet browsers' possibilities.
Could I set up something in J2EE server as same as in internet browser ???
Thank you in advance.
Rgds
Tom

Got it,
SAP Note : 791655
HTTPS/SSL Properties
Property Name = [default]
messaging.ssl.httpsHandler=iaik.protocol.https.Handler
messaging.ssl.securityProvider=iaik.security.provider.IAIK
messaging.ssl.trustedCACerts.viewName=TrustedCAs
messaging.ssl.serverNameCheck=false
Description:
The properties "httpsHandler" and "securityProvider" specify the class names of the HTTPS handler and Security provider used. The AF only supports IAIK. Never change these values! To activate HTTP/SSL, you must install the IAIK libraries on your J2EE Engine as described in the Installation Guide.
The property "trustedCACerts.viewName" defines which J2EE keystore is used during the SSL Handshake for trusted CA certificates. You should never change this value either. With "serverNameCheck" you can specify whether the host name in outbound HTTPS requests should be checked against the host name in the certificate of the server.
Regards,
Bhavesh

SOAP over SSL

Hi
I have certificate ForKaraganda.pfx.
I need to connect to web service .NET-SOAP application using client-certificate authentication uses HTTP over SSL and execute remote function.
String file = "c:\\tmp\\ForKaraganda.pfx";
String pass = "123456";
System.setProperty("javax.net.ssl.keyStoreType","pkcs12");
System.setProperty("javax.net.ssl.keyStore", file);
System.setProperty("javax.net.ssl.keyStorePassword", pass);
url = new URL("https://something.kz");
SOAPConnectionFactory fac = SOAPConnectionFactory.newInstance();
con = fac.createConnection();
MessageFactory messageFactory = MessageFactory.newInstance();
SOAPMessage message = messageFactory.createMessage();
SOAPHeader header = message.getSOAPHeader();
SOAPBody body = message.getSOAPBody();
SOAPFactory soapFactory = SOAPFactory.newInstance();
javax.xml.soap.Name bodyName = soapFactory.createName("SelectUserByUIN","", "http://something2.kz/");
javax.xml.soap.Name name = soapFactory.createName("uin");
SOAPBodyElement bodyElement = body.addBodyElement(bodyName);
SOAPElement uin = bodyElement.addChildElement(name);
uin.addTextNode("234234234242");
SOAPMessage response = con.call(message, url);But happened error
WT-EventQueue-0, handling exception: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
AWT-EventQueue-0, SEND TLSv1 ALERT: fatal, description = internal_error
AWT-EventQueue-0, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 50                               ......P
AWT-EventQueue-0, called closeSocket()
24.01.2008 14:39:56 com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
SEVERE: SAAJ0009: Message send failed
com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:140)
     ... 29 more
...How it fix?

Hi
I have certificate ForKaraganda.pfx.
I need to connect to web service .NET-SOAP application using client-certificate authentication uses HTTP over SSL and execute remote function.
String file = "c:\\tmp\\ForKaraganda.pfx";
String pass = "123456";
System.setProperty("javax.net.ssl.keyStoreType","pkcs12");
System.setProperty("javax.net.ssl.keyStore", file);
System.setProperty("javax.net.ssl.keyStorePassword", pass);
url = new URL("https://something.kz");
SOAPConnectionFactory fac = SOAPConnectionFactory.newInstance();
con = fac.createConnection();
MessageFactory messageFactory = MessageFactory.newInstance();
SOAPMessage message = messageFactory.createMessage();
SOAPHeader header = message.getSOAPHeader();
SOAPBody body = message.getSOAPBody();
SOAPFactory soapFactory = SOAPFactory.newInstance();
javax.xml.soap.Name bodyName = soapFactory.createName("SelectUserByUIN","", "http://something2.kz/");
javax.xml.soap.Name name = soapFactory.createName("uin");
SOAPBodyElement bodyElement = body.addBodyElement(bodyName);
SOAPElement uin = bodyElement.addChildElement(name);
uin.addTextNode("234234234242");
SOAPMessage response = con.call(message, url);But happened error
WT-EventQueue-0, handling exception: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
AWT-EventQueue-0, SEND TLSv1 ALERT: fatal, description = internal_error
AWT-EventQueue-0, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 50                               ......P
AWT-EventQueue-0, called closeSocket()
24.01.2008 14:39:56 com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
SEVERE: SAAJ0009: Message send failed
com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:140)
     ... 29 more
...How it fix?

How write rmi-iiop over ssl with weblogic server 6.1 - No server found

//New
Hello,
I have written an appication like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.3
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
     -> server certificate is recognized
     -> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instanciated.
Then I can not create a socket with my client.
The folowing exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
env.put ("java.naming.provider.url", "t3s://localhost:7002");
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
I have also try
env.put ("java.naming.provider.url", "corbaloc:iiop://localhost:7002");
but it throws the following error
javax.naming.InvalidNameException: url does not conatin !!!
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver

"oliver" <[email protected]> writes:
The SSL support is poorly doc'd right now. We have fixed this and
updated the way you do things in SP2. Please either wait for SP2 or
contact support.
andy
I have written an appication like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.3
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
     -> server certificate is recognized
     -> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instanciated.
Then I can not create a socket with my client.
The folowing exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
env.put ("java.naming.provider.url", "t3s://localhost:7002");
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
I have also try
env.put ("java.naming.provider.url", "corbaloc:iiop://localhost:7002");
but it throws the following error
javax.naming.InvalidNameException: url does not conatin !!!
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver

How write rmi-iiop over ssl with weblogic server 6.1?

Hello,
I have written an appication like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.4
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
     -> server certificate is recognized
     -> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instanciated.
Then I can not create a socket with my client.
The folowing exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
env.put ("java.naming.provider.url", "t3s://localhost:7002");
} else {
env.put ("java.naming.provider.url", "rmi://localhost:7002");
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver

"oliver" <[email protected]> writes:
First off 1.4 isn't supported as yet. That is probably part of the problem.
You also must use a corba URL from the client in order for this to work for instance:
If you are using WLInitialContextFactory:
corbaloc:iiop:localhost:7001/NameService
If you are using CNCtxFactory:
iiop://localhost:7001
Using rmi: is the wrong thing to do - that will use jrmp or t3.
However, I suggest that you raise a call with support since there is
some other trickiness with getting SSL working. We hope to have this
much improved in SP2.
andy
Hello,
I have written an appication like this:
- An EJB server running on Weblogic server 6.1
(named: BankServerHome)
-A java client calling the BankServer.
Platform: windows 2000 - jdk1.4
Now I want to secure the communication with SSL protocol.
I have done this:
-generate a key peer with weblogic service named certificate.
-send the CSR to a CA and place the answer into the weblogic
server certificate directory.
-update path for ServerCertificateChainFileName,
ServerCertificateFileName, ServerKeyFileName into config.xml.
-launch weblogicServer
     -> server certificate is recognized
     -> listening port 7001 and 7002.
(-stop weblogicServer!)
At now, all is all right, errors come hereafter:
Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
"To use RMI over IIOP over SSL with a Java client, do the following:
2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
connections. Be sure to specify the port on which WebLogic Server listens for
SSL connections. For an example of a class that extends the
java.rmi.server.RMISocketFactory class, see Listing 4-22.
3. Run the ejbc compiler with the -d option.
4. Add your extension of the java.rmi.server.RMISocketFactory class to the
CLASSPATH of the Java client.
5. Use the following command options when starting the Java client:
-xbootclasspath/a:%CLASSPATH%
-Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
-Dssl.certs=directory location of digital certificate for Java client
-Dssl.key=directory location of private key for Java client"
At step 3. I found into documentation that -d is linked to a directory name.
When I run ejbc with this option -d I have the message:
"ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
% So what option can I use to run ejbc for secure usage?
At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
this pointed class is not instanciated.
Then I can not create a socket with my client.
The folowing exception is raised:
javax.naming.CommunicationException [Root exception is java.net.ConnectException:
No server found at T3S://localhost:7002]
So, my questions are:
% Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
the server?
My java client part, managing connection is:
-------------------BEGIN OF CONNECTION MANAGER-------------------
Properties env = new Properties ();
// Shouldn't have to do this, but for now you must
if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
env.put ("java.naming.provider.url", "t3s://localhost:7002");
} else {
env.put ("java.naming.provider.url", "rmi://localhost:7002");
InitialContext context = new InitialContext (env);
BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
BankServer = bssh.create();
-------------------END OF CONNECTION MANAGER-------------------
% What is the code for the java client allowing connection with the ejb?
% And better, can I have a sample example for rmi-iiop over ssl?
(...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
speak ssl!)
Any help will be appreciate from you...
Best Regards.
Oliver

POP over SSL in Messaging 5.2

Similar Messages

Maybe you are looking for