Portal SSL and HTTPS

Has anyone configured Portal Version: 9.0.2.2.22 to run in SSL on a Windows 2000 Machine with the Infrastructure and the Applications Server running on the same Machine?

Similar Messages

WWSAPI - Cannot connect to web service via SSL and HTTP proxy authentication with NTLM, errorCode 0x803d0016, HTTP status 407

Hi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
Thanks

Hi,
I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
a second request with NTLMSSP_AUTH is sent.
Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
Any idea?
Thanks

Delete or disable ssl and https on exchange web url

Hi,
I disable by clear check box on Default Web Site --> SSL Settiings --> Require SSL
and also inseret my domain name example: http://mail.myexchange.com/owa in Exchange admin center Console --> Servers --> Virtual Directory --> owa
and also i change <add key="UseHttpsForWacUrl" value="true" /> to <add key="UseHttpsForWacUrl" value="false" /> in C:\Program Files\Microsoft\Exchange
Server\V15\ClientAccess\Owa\web
But, after this steps for removing https on my url i can use it. and after loggin in https mode i can delete https on my url manually but did't work good and i get this error when i want see my email body "Error: Your
request can't be completed right now. Please try again later."

Hi S.Ali,
Have you restarted IIS after changing all the settings?
If not, please try to restart iis and check again.
Best regards,
Niko Cheng
TechNet Community Support

SSL and HTTPS

Hello,
since a few days I cannot connect via email (SSL) or internet/opera mobile to HTTPS pages. I have no idea what I have changed. It was working fine and changed from one day to the next. What could be the problem? Are there any files I have deleted by mistake or do I need change configuration files? By the way HTTPS on opera mini is working.
Regards,
Joern

Hi GOPINATH V,
What's the version of your CSS?
About SSL, do you want to do termination, initialization or end-to-end?

Portal SRA and HTTP Basic Auth

hi all
i know that there is a LDAP attribute to store information for BASIC AUTHENTICATION : "sunPortalGatewayWWWAuthorization"
i would like to do some batch process, mapping user in IIS server to JES.
the problem is data in sunPortalGatewayWWWAuthorization attribute encrypted and i don't know what mechanism is used.
Please help me to find out what method is been used
or is there any tools to do encrypt?
many thanks in advance

Hello,
Sorry for "waking up" this old message, but I have exactly the same probem and I can't find a solution.
I know how to send Authorization in the HTTP headers with a HTTPService, but not with a RemoteObject.
Do you know that, or have any other solution for the problem ?
Etienne

Issues deploying a cloud service with two endpoints (HTTP and HTTPS)

I ran into an issue this week in the azure portal when I tried to deploy a cloud service with two endpoints. (I am using the azure sdk 2.2). I deployed the cloud service to production with the following endpoints in the ServiceDefinition.csdef:
<WebRole name="NameChanged.Web" vmsize="Small">
<Sites>
<Site name="Web">
<Bindings>
<Binding name="HttpsIn" endpointName="HttpsIn" />
<Binding name="HttpIn" endpointName="HttpIn" />
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name="HttpIn" protocol="http" port="80" />
<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="NameChangedCertificate" />
</Endpoints>
<Imports>
<Import moduleName="Diagnostics" />
</Imports>
<Certificates>
<Certificate name="NameChangedCertificate" storeLocation="LocalMachine" storeName="My" />
</Certificates>
</WebRole>
I followed the directions here (http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/)
in Step 3 for deploying the cloud service to the azure portal. And HTTP worked just fine, but the HTTPS endpoint didn't work, we would get a 502 error whenever we tried to access the service via HTTPS.
We spent a lot of time to debug and see why HTTPS wasn't working, but everything we tried resulted in the same result: 502 error code when accessing the site
via HTTPS.
The only way that we were able to get HTTPS working for the cloud service in azure, was to completely delete our instance in the azure portal, and then do a two step deployment:
Step 1 - Remove the HTTP endpoint from our ServiceDefinition.csdef, like so:
<Site name="Web">
<Bindings>
<Binding name="HttpsIn"
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="staging" />
</Endpoints>
</WebRole>
We then deployed the service to the azure portal. AND THE SERVICE WORKED WITH HTTPS!!!
Step 2 - We added the HTTP endpoint back into the ServiceDefinition.csdef, redeployed and both HTTP and HTTPS worked on the site.
I wanted to post this to help others that may have the same issue, and to see if anyone else has experienced this same thing? Is this an issue in the azure 2.2 SDK? This seems like a work around for getting both HTTP and HTTPS endpoints for a
cloud service, and it seems "wrong". Does anyone have a better way to do this?
Tim

Hi Tim;
This seems to be an very useful workaround thanks for sharing it. Hopefully this will come in handy for many of us.
Warm Regards
Prasant

PORTAL ACCESS THROUGH HTTP and HTTPS BOTH

Hi,
Is it possible to make the portal listen on both http and https ports at the same time? What is the required configuration for the same?
Please let me know for any other details.
Any input is highly appreciated.
regards,
Chandra

Hello Chandra,
you can activate SSL in the J2EE engine and then you have both Protocolls avaliable. The documentaiton can be found at <a href="http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm">Configuring the Use of SSL on the SAP J2EE Engine</a>.
Regards
Gregor

HTTP and HTTPS (SSL) at the same time?

Hi
In our company we will use SAP Portal as a external facing portal and as portal that uses authorisation and authentication (logon) . The question for us is: Is it possible to run the EFP without SSL and the securede portal with SSL? Where do I find documentation?
Thanks
Christian Thulstrup

Hi Christian,
yes, you can run the portal with HTTP and HTTPS at the same time - it's just a question of the URL you are entering in the browser...
BUT:
If you access your portal with HTTPS all content provided by the portal should be accessed with HTTPS too - otherwise you will get security warnings in IE and maybe some strange behavior of the integrated content. Session Management to SAP backend systems will not work also...
Vice-versa: if you access you portal with HTTP all content should be accessed with HTTP... obviously...
So if your content for the external facing portal is completely seperated from the internal content - yes you can access the portal with differen protocolls.
If it is not seperated - and that includes KM objects also - then better use one protocoll for both only!!
Hth,
Michael

Can one portal 11g middletier listen on both https and http simultaneously?

Specifically behind a reverse proxy?
I know in 10G I was able to do this but in 11G there is a configuration item in the weblogic enterprise manager (Portal Farm) where you configure the:
Portal Wire Congiguration
- Portal Middle Tier
Specify the Middle Tier settings that Portal should use.
     Published Host
Listening Port
SSL Protocol     (is a checkbox whose hover over text is: "Specifies the protocol of the Portal URL. It can be either HTTP (NONSSL) or HTTPS (SSL)")
These setting would indicate to me that for a given portal middle tier you can not have it listen and respond to requests on http and https at the same time.
IE...
https://myhost/portal/pls/portal/
http://myhost/portal/pls/portal/
Can someone verify if this is indeed true?
D

Have you tired using wlw-runtime-config.xml?
http://e-docs.bea.com/workshop/docs81/doc/en/workshop/reference/configfiles/con_wlw-runtime-config_xml_ConfigurationFile.html?skipReload=true
-D

Both http and https on struts in tomcat using SSL

I want to apply both http and https as need, on a single web application on struts. My server is tomcat. I need a complete documentation. Some help me please.

If you are terminating SSL on ACE then there is no way to do it with one policy because of ssl-proxy command. However it is possible to use same serverfarms with two VIP like this:
access-list ACL line 10 extended permit ip any any
rserver host TEST
ip address 20.20.2.11
inservice
serverfarm host TEST
rserver TEST
    inservice
ssl-proxy service SSL_SERVER
key KEY12.PEM
cert CERT12.PEM
class-map match-any SSL
2 match virtual-address 10.10.2.101 tcp eq https
class-map match-any HTTP
2 match virtual-address 10.10.2.101 tcp eq http
policy-map type loadbalance first-match L7_POL
   class class-default
     serverfarm TEST
policy-map multi-match L7
   class SSL
     loadbalance vip inservice
     loadbalance policy L7_POL
     loadbalance vip icmp-reply
     ssl-proxy server SSL_SERVER
    class HTTP
    loadbalance vip inservice
    loadbalance policy L7_POL
    loadbalance vip icmp-reply
interface vlan 210
   ip address 10.10.2.1 255.255.255.0
   service-policy input L7
   access-group input ACL
   no shutdown
interface vlan 220
   ip address 20.20.2.1 255.255.255.0
   no shutdown
ip route 0.0.0.0 0.0.0.0 10.90.15.1
However, if you are not doing SSL termination on ACE and you are just doing L4 load-balancing, you will most likely need to configure SSL stickiness, which again leads to having separate policies because of the sticky serverfarms which need separate loadbalance policy lines.

SSL Installation for AS2 and HTTPS

Hi b2bgurus,
Please let me know the steps to install SSL for various trading partners.
Does the B2B server need a bounce after every certificate install/change.
I would like to install the certificates for AS2[EDI] and HTTPS protocals.

Does the B2B server need a bounce after every certificate install/change.B2B supports SSL via Weblogic SSL implementation and hence if you are making any change with respect to identity certificate then you may need a server bounce. If you are just adding/removing a trust certificate (partner's certificate) then no bounce is required.
I would like to install the certificates for AS2[EDI] and HTTPS protocals.Please refer below posts -
http://anuj-dwivedi.blogspot.in/2010/10/enabling-ssl-on-oracle-b2b-11g.html
http://anuj-dwivedi.blogspot.in/2011/04/implementing-message-security-in-oracle.html
Regards,
Anuj

Portal Components and SSL

I have my solaris 3.0.8 portal environment accessible via https and http connections by using Apache virtual hosts. Ideally I'd like to be able to force an https protocol when users access some sensitive application components. Is this possible? If not, does anyone have any suggestions for a workaround that could produce the same results?

Hi Vali
PORTAL COMPONENT
from user point of view,a component that can be displayed into a portal page.from an apllication development perspective,a plug able to component designed to be executed into a portal environment
PORTAL SERVICE
A component offering a globally accessible function in the portal.the portal runtime development model offeres a way to implement a clear separation between a Service
API and its implementation
A Portal Application contain two types of resources :
1)Web Resources
 - Accessible via http / https requests to a web server
 - All files Not unber WEb-INF
2)Non-Web Resources
 - Not accessible via an http / https request
 - All files under WEB-INF
A portal Application can contain:
a) Several portal components and several portal services.Using several sections in DD these components and services are defined
b)only ONE Portal Component
c) only ONE Portal Service
All portal services of a portal application are declared in service sections within the services section
Regards
Chaitanya.A

Portal & SSL

Hi,
I'm using Oracle Portal (
Oracle Application Server 10g 9.0.4.0.0 + Metadata
repository Update 9.0.4.1.1 and Oracle Application Server 10g 9.0.4.0.0 + 9.0.4.1.1 Update) and it works fine.
Now I want to implement SSL. Firstly to secure the connections (logins; to avoid usercode/password travelling in plaintext across the nework). I would appreciate it very much if some one could point me to usefull doc's.
Thanks in advance.
regards,
Ivan

You'll want to reference the 9.0.4 documentation library at:
http://download-east.oracle.com/docs/cd/B10464_05/manage.htm
Specifically, if you only want to secure the login process, you can view the SSO Admin Guide for securing the SSO with SSL here:
http://download-east.oracle.com/docs/cd/B10464_05/manage.904/b13791/advconfg.htm#i1011679
If you want full SSL througout portal, you'll want to reference the portal admin guide.

SSL and security modes

We are getting ready to implement SSL on the Portal Server and after reading the documentation, I'm not sure which security mode we need to be in. Will mode 0 be fine as long we require SSL on IIS on the portal server?

Hi Eric,
You mentioned that your site is in mode 2. How was the performance? Are you using an accelerator? Please send me the link if that is alright. We have been playing with https (mode 2) but no success since all admin tasks stopped working. Our next step is to install a separate portal inside the firewall....Any tips would be appreciated.
Thanks,
Leona------- Eric Whitley wrote on 9/17/04 10:33 AM -------
I think you'll want to at least set SSL mode to 1. I'm going to just write out my understanding of things, and I only really have PT 4.5 WS in production, so if I'm off, well... somebody correct me. :)
Something to keep in mind - Plumtree needs to "know" which SSL mode you're setting up so it can construct the links for all click-throughs (http://myservervs https://myserver).
0 = no SSL. Even if you place SSL on IIS Plumtree won't care - in fact, if you click on 'require SSL' on IIS, I think you'll run into problems. Plumtree won't construct URLs with the appropriate "https" prefix, which will likely cause problems.
1 = apply security to pages that need it. Login pages, document click-throughs, etc. as defined in the secure activity spaces configuration. Plumtree will apply the "https" to only those pages/links.
2 = SSL everything, everywhere. Our portal current has this configuration.
Clicking on "require SSL" on the virtual directory will only deal with the IIS portion - you still need to indicate to Plumtree how much/where you want it applied so it can construct the links appropriately. Try setting "1" to see if it will get you where baseline security - our clients and global security team force us to SSL everything conceivable, so we use setting "2".
That help?
Eric

Portal integration and Windows Active Directory

Hello experts,
We have a SAP Netweaver Portal SP14 and the UME is configure in one Active Directory of Windows 2003. The UME is working correctly but the SSL connection between the two system doesn't work.
We have applied the help in the link:
"http://help.sap.com/saphelp_nw70/helpdata/en/7d/77fa735e5f47a2a50b5336fd1b5a61/content.htm"
but we got the error
"Peer certificate is not trusted or expired".
The Active Directory server has its own certificate.
We think that the problem is with the trusted certificate but we have not correct it.
In active directory server when we access to https:
myserverAD:636, we got the error that the page could not be show.
Thanks in advanced.
Paco Hernandis.

> https:
myserverAD:636, we got the error that the page could not be show.
The SAP Help is outdated: MS IE doesn't show those certs any more, as you have found.
I'm sure there's a better way, but here's how I get that when I need it: install an OLD version of Firefox (I keep the install EXE for Firefox 1.5.0.8 around just for this) because v.2 responds with an error the same as IE. I use Firefox for this (rather than an old version of IE) so that it doesn't clobber my IE config. Since it's an old release there are many security problems: so don't use it for anything else, and uninstall it immediately afterwards.
http://download.mozilla.org/?product=firefox-1.5.0.8&os=win&lang=en-US

Portal SSL and HTTPS

Similar Messages

Maybe you are looking for