Problem with SSL

I have created a Java application that communicates with a server via HTTPS.
I use both JDK and JRE 1.5.
I know this has something to do with certificates and storing them,
but I don't know exactly what to do.
Can someone please help me?
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
     at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
     at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
     at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
     at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
     at lk.informatics.infopro.connector.command.AptiloHTTPCommand.httpPost(AptiloHTTPCommand.java:106)
     at lk.informatics.infopro.connector.command.AptiloHTTPCommand.performTask(AptiloHTTPCommand.java:134)
     at lk.informatics.infopro.connector.SimpleRMIImpl.performTask(SimpleRMIImpl.java:112)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
     at sun.rmi.transport.Transport$1.run(Transport.java:153)
     at java.security.AccessController.doPrivileged(Native Method)
     at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
     at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
     at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
     at java.lang.Thread.run(Thread.java:595)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
     at sun.security.validator.Validator.validate(Validator.java:203)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
     ... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
     ... 35 more

The problem that I had was that my application was unable to find a valid certificate that proved that the site can be trusted.
What you need to do is to tell the application that the site can be trusted and point it to a certificate that proves the site that you want to communicate with is a valid one.
If the application cannot find a proper certificate then it results in a failed SSL handshake.
What you must do is save the certificate provided by the site you wish to communicate with and point the application to it. This is done in 3 steps:
1.     Save the certificate provided by the end site as a .cer file
     eg:- theSite.cer
     This can be done via IE or Mozilla (has not been tested with Mozilla yet).
     To do this, open the site in your browser. When the browser asks if you wish to accept the certificate provided by the site, view the certificate and save it.
2.     Create a keyStore and add the saved certificate to it. Use the Java "keytool" command in the command prompt to achieve this:
     keytool -import -alias ALIAS -file CERTIFICATE.cer -keystore KEY_STORE_NAME
     eg:-
     keytool -import -alias test -file theSite.cer -keystore TS
3.     In your application, make sure that you specify where to look for the trusted keyStore.
     System.setProperty("javax.net.ssl.trustStore", "TRUST_STORE_NAME");
     System.setProperty("javax.net.ssl.trustStorePassword", "TRUST_STORE_PASSWORD");
     eg:-
     System.setProperty("javax.net.ssl.trustStore", "C:\\Key_Store\\TS");
     System.setProperty("javax.net.ssl.trustStorePassword", "XXX");
     ALT: you can also specify the above values on the java execution command as
     -Djavax.net.ssl.trustStore=C:\Key_Store\TS -Djavax.net.ssl.trustStorePassword=XXX
-Djavax.net.debug=all
can be used to view all debug information.
Simply put, we save the site's certificate in step 1, create a new keyStore and save the certificate in it in step 2, and show the application where to look for the valid certificate by pointing it to the proper keyStore in step 3.
Note that you can save multiple certificates in the same keyStore.
If you have any problems with this, let me know.
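
Added example, not part of the original post: a Java class that checks the certificate saved in step 1 against a SHA-256 fingerprint obtained from the server's administrator, confirms that this exact certificate is in the truststore from step 2, and applies the truststore to one connection instead of setting it JVM-wide as in step 3. The class name, the argument order and the TRUSTSTORE_PASSWORD environment variable are assumptions of this example; it uses the JDK's HttpsURLConnection rather than commons-httpclient and needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Usage (argument order is an assumption of this example):
//   java ScopedTrustStore theSite.cer <expected SHA-256 fingerprint> TS [https URL]
// The truststore password is read from TRUSTSTORE_PASSWORD (hypothetical variable name).
public class ScopedTrustStore {

    // Parse the file saved in step 1 (DER or PEM encoded X.509).
    static X509Certificate loadCertificate(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // SHA-256 over the DER encoding, formatted AA:BB:... as keytool prints it.
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i]));
        }
        return sb.toString();
    }

    // Load the keystore created in step 2. Supplying the password makes load()
    // verify the store's integrity; a null password would skip that check.
    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Build an SSLContext that trusts only the entries of this keystore.
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: ScopedTrustStore <cert> <sha256-fingerprint> <truststore> [url]");
            System.exit(2);
        }
        X509Certificate cert = loadCertificate(args[0]);
        String actual = sha256Fingerprint(cert);
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer : " + cert.getIssuerX500Principal());
        System.out.println("Expires: " + cert.getNotAfter());
        System.out.println("SHA-256: " + actual);

        // A certificate accepted through a browser prompt is only as trustworthy as
        // that one connection; compare it with a value obtained out of band.
        if (!actual.equalsIgnoreCase(args[1])) {
            System.err.println("Fingerprint mismatch: do not import this certificate.");
            System.exit(1);
        }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        String password = System.getenv("TRUSTSTORE_PASSWORD");
        if (password == null) {
            System.err.println("TRUSTSTORE_PASSWORD is not set.");
            System.exit(2);
        }
        KeyStore trustStore = loadTrustStore(args[2], password.toCharArray());

        // Confirm that step 2 imported the certificate that was just verified.
        String alias = trustStore.getCertificateAlias(cert);
        if (alias == null) {
            System.err.println("Certificate is not present in " + args[2]);
            System.exit(1);
        }
        System.out.println("Found in truststore under alias: " + alias);

        SSLContext ctx = contextFor(trustStore);
        if (args.length > 3) {
            // Only this connection uses the custom truststore; the rest of the JVM
            // keeps its default trust anchors, and hostname verification stays on.
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[3]).openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            System.out.println("HTTP status: " + conn.getResponseCode());
            conn.disconnect();
        }
    }
}
```

The fingerprint to compare against can be displayed on the server side with `keytool -printcert -file theSite.cer`.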

Similar Messages

  • Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL

    I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
    Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either.
    So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
    When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https, so there shouldn't have been any need to deal with SSL certificates at all.
    I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
    A) We're at version 11 ---- these kinds of issues should have been fixed years ago
    B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!

    Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
    My tests seem to show that
    (a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
    (b) if a dialog is at a higher level, this is a global setting.
    So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back.  So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window).

  • TS3899 iPad mail account says problem with 'ssl settings' - can you help me?

    iPad mail account says problem with 'ssl settings' - can you help me?

    The 4Gs hardware, only 256 MB of RAM, prohibits updating beyond 6.1.6.
    Starting when iOS 7 was released, Apple now allows downloading the last compatible version of some apps (iOS 4.2.1 and later only)
    App Store: Downloading Older Versions of Apps on iOS - Apple Club
    App Store: Install the latest compatible version of an app
    You first have to download the non-compatible version on your computer. Then when you try to purchase the version on your iPod you will be offered a compatible version if one exists.

  • Problem with SSL Activated on SSO Login

    Hi Guys,
    One of my applications has recently hit a few problems when SSL was activated on several environments. My application requires you to login using a SSO username and password before you can use the application. Before SSL was implemented, when you pressed the main menu button the page would redirect to the login server and the SSO login would remember your details and log you in again and then take you to the 1st page with a new session id. However, with SSL implemented, when the main menu button is pressed it redirects you to the login server but this time it asks you to enter your username and password. This is a problem as every time authentication is required on my application, it will keep telling you to login even if you have already done so before.
    For extra information, the main menu button (which is a navigation bar entry) redirects you to a piece of javascript which is used to take you back to the 1st page depending on what page you are on.
    I am also using the latest version of APEX.
    Any help is much appreciated as I am not sure where to go with this problem.
    Also is it a problem with the SSL setup or my application?
    Thanks
    -Mark

    "I have tried to pass the cookie through the URL to the login server but this does nothing."
    I can't imagine what you mean by that or what exactly you did.
    "it just takes me to the login page and resets the session id after i have logged in again!"
    What do you mean by "reset"?
    "How can I make cookies be accepted by SSL?"
    Have you constructed an experiment to prove that this is the problem?
    "Is there something i can put in the application itself?"
    Definitely not.
    Scott

  • Problem with SSL weblogic plug in and Apache

    We're using mod_wl_22.so with Apache, and after some problems with the mod failing on startup it is now working. We can access the weblogic SSL page fine directly on port 16101 with no warning, but when we try via the proxy we get a "failure of server Apache bridge" error:
    No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
    In the wl_proxy.log there is a message that I think relates to the trustedcertfile in our http.conf file. We have a root certificate in pem format as the trustedcertfile.
    ================New Request: [GET /irm_desktop HTTP/1.1] =================
    Thu Jan 27 21:52:15 2011 <258812961651354> INFO: SSL is configured
    Thu Jan 27 21:52:15 2011 <258812961651354> INFO: SSL configured successfully
    Thu Jan 27 21:52:15 2011 <258812961651354> Using Uri /irm_desktop
    Thu Jan 27 21:52:15 2011 <258812961651354> After trimming path: '/irm_desktop'
    Thu Jan 27 21:52:15 2011 <258812961651354> The final request string is '/irm_desktop'
    Thu Jan 27 21:52:15 2011 <258812961651354> SEARCHING id=[sealedinfo-prod:16101] from current ID=[sealedinfo-prod:16101]
    Thu Jan 27 21:52:15 2011 <258812961651354> The two ids matched
    Thu Jan 27 21:52:15 2011 <258812961651354> @@@FOUND...id=[sealedinfo-prod:16101], server_name=[uat.sealedinfo.com], server_port=[443]
    Thu Jan 27 21:52:15 2011 <258812961651354> attempt #0 out of a max of 5
    Thu Jan 27 21:52:15 2011 <258812961651354> Trying a pooled connection for '10.10.10.10/16101/16101'
    Thu Jan 27 21:52:15 2011 <258812961651354> getPooledConn: No more connections in the pool for Host[10.10.10.10] Port[16101] SecurePort[16101]
    Thu Jan 27 21:52:15 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
    Thu Jan 27 21:52:15 2011 <258812961651354> New SSL URL: match = 0 oid = 22
    Thu Jan 27 21:52:15 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Jan 27 21:52:15 2011 <258812961651354> EINPROGRESS in connect() - selecting
    Thu Jan 27 21:52:15 2011 <258812961651354> Setting peerID for new SSL connection
    Thu Jan 27 21:52:15 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
    Thu Jan 27 21:52:15 2011 <258812961651354> Local Port of the socket is 63867
    Thu Jan 27 21:52:15 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
    Thu Jan 27 21:52:15 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63867
    Thu Jan 27 21:52:15 2011 <258812961648171> WARN: GetSessionCallback: No session match found
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
    Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
    Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
    Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
    Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
    Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
    Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Thu Jan 27 21:52:16 2011 <258812961651354> attempt #1 out of a max of 5
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
    Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
    Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
    Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
    Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
    Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63868
    Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63868
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
    Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
    Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
    Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
    Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
    Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
    Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Thu Jan 27 21:52:16 2011 <258812961651354> attempt #2 out of a max of 5
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
    Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
    Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
    Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
    Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
    Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63869
    Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63869
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
    Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
    Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
    Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
    Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
    Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
    Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Thu Jan 27 21:52:16 2011 <258812961651354> attempt #3 out of a max of 5
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
    Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
    Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
    Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
    Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
    Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63870
    Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63870
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
    Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
    Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
    Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
    Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
    Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
    Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Thu Jan 27 21:52:16 2011 <258812961651354> attempt #4 out of a max of 5
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
    Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
    Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
    Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
    Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
    Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63871
    Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63871
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
    Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
    Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
    Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
    Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
    Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
    Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Thu Jan 27 21:52:16 2011 <258812961651354> attempt #5 out of a max of 5
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
    Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
    Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
    Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
    Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
    Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63872
    Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
    Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63872
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
    Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
    Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
    Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
    Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
    Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
    Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
    Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3094
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
    Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Thu Jan 27 21:52:16 2011 <258812961651354> request [irm_desktop] did NOT process successfully..................

    I see that it is six months ago that I first posted this. Nothing has changed. When I use affixa to create a message with an attachment from my gmail account in firefox, the message is created in drafts, but the gmail window is closed and I have to re-open it. Not critical, but annoying.
    Now there is a plug-in on the affixa site that is supposed to be designed for Firefox, and which affixa support claims should take care of this. And I've downloaded it twice. When you download it and open it, it says that it will be installed when Firefox restarts, and gives you a button to restart Firefox. But after you click that button and firefox disappears and re-appears, the affixa plug-in is NOT in the plugin list.
    Please, somebody, HELP.

  • Windows Server 2003 and problem with SSL connection (TLS)

    Hi,
    We are facing a problem with SSL/TLS connections on a Windows Server 2003 SP2 machine.
    We spent hours trying to solve it without any result. 
    SYMPTOMS
    No SSL connection can be established in any application since last year, e.g.:
    - we cannot do any Windows update, because there is a time verification over SSL on the Windows Update website (there is an error that the time is incorrect while it is up-to-date)
    - we cannot open any website in Internet Explorer over https
    - when we try to connect to the SQL Server (database SQL 2008 hosted on the same server) with Management Studio it fails with an error: "A connection was successfully established with the server, but then an error occurred during the pre-login handshake.(provider: SSL Provider, error: 0 - Could not contact LSA)(Microsoft SQL Server)"
    - in custom applications which send requests over https we receive an error: "Could not establish trust relationship for SSL/TLS secure channel"
    Everything seems to point at some SSL problem somewhere deep inside Windows.
    We installed several patches, but without any result. 
    Can anybody help?
    Regards,
    Dawid

    Hi, thanks for answers,
    - In IE both SSL2.0 and TLS1.0 are checked. We tried to disable TLS1.0 - with no results.
    - In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel both SSL2.0 and TLS1.0 are enabled. We also tried to disable TLS1.0 on the Client side - with no results.
    - In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL EventLogging is set to 3, so it should log warnings and errors. But we cannot find any related logs in EventLog.
    Unfortunately we are still in the same place.

  • [solved]partially working network, problems with ssl and irc

    Hi,
    for a weird reason I can't access any websites with https anymore, nor can I connect to any irc servers with irssi, and connection attempts with ssh time out. The system is up2date and I am using kdemod as DE.
    My rc.conf looks like this:
    # /etc/rc.conf - Main Configuration for Arch Linux
    # LOCALIZATION
    # LOCALE: available languages can be listed with the 'locale -a' command
    # HARDWARECLOCK: set to "UTC" or "localtime", any other value will result
    # in the hardware clock being left untouched (useful for virtualization)
    # TIMEZONE: timezones are found in /usr/share/zoneinfo
    # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
    # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
    # CONSOLEMAP: found in /usr/share/kbd/consoletrans
    # USECOLOR: use ANSI color sequences in startup messages
    LOCALE="de_DE.utf8"
    HARDWARECLOCK="localtime"
    TIMEZONE="Europe/Berlin"
    KEYMAP="de"
    CONSOLEFONT=
    CONSOLEMAP=
    USECOLOR="yes"
    # HARDWARE
    # MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
    # MOD_BLACKLIST: Prevent udev from loading these modules
    # MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
    # NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
    MOD_AUTOLOAD="yes"
    #MOD_BLACKLIST=() #deprecated
    MODULES=(!b44 !mii !ipw2200 !libipw !ac97_bus !snd-mixer-oss !snd-pcm-oss !snd-page-alloc !snd-pcm !snd-timer !snd !snd-ac97-codec !snd-intel8x0 !snd-intel8x0m !soundcore b44 mii ipw2200 libipw ac97_bus snd-mixer-oss snd-pcm-oss snd-page-alloc snd-pcm snd-timer snd snd-ac97-codec snd-intel8x0 snd-intel8x0m soundcore)
    # Scan for LVM volume groups at startup, required if you use LVM
    USELVM="no"
    # NETWORKING
    # HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
    HOSTNAME="horst-lp"
    # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
    # Interfaces to start at boot-up (in this order)
    # Declare each interface then list in INTERFACES
    # - prefix an entry in INTERFACES with a ! to disable it
    # - no hyphens in your interface names - Bash doesn't like it
    eth0="dhcp"
    # Wireless: See network profiles below
    #Static IP example
    #eth0="dhcp"
    eth0="dhcp"
    INTERFACES=(!eth0 !eth1 !wlan0)
    # Routes to start at boot-up (in this order)
    # Declare each route then list in ROUTES
    # - prefix an entry in ROUTES with a ! to disable it
    gateway="default gw 192.168.0.1"
    ROUTES=(!gateway)
    # Enable these network profiles at boot-up. These are only useful
    # if you happen to need multiple network configurations (ie, laptop users)
    # - set to 'menu' to present a menu during boot-up (dialog package required)
    # - prefix an entry with a ! to disable it
    # Network profiles are found in /etc/network.d
    # This now requires the netcfg package
    #NETWORKS=(main)
    # DAEMONS
    # Daemons to start at boot-up (in this order)
    # - prefix a daemon with a ! to disable it
    # - prefix a daemon with a @ to start it up in the background
    DAEMONS=(syslog-ng hal !network networkmanager avahi-daemon avahi-dnsconfd alsa cdemud kdm samba mpd lighttpd)
    Earlier I had some problems with not resolving addresses, which I somehow got rid of. At the time I blamed my isp.
    Perhaps something broke when I had a program running in wine to play with a car too and I had to switch the laptop off bc it didn't want to react anymore.
    thx for reading
    e: I don't know why, but it worked when I started Arch this morning.. while it didn't yesterday although everything worked correctly on my other PCs.
    Last edited by dt (2009-11-07 09:02:46)

  • Strange problem with SSL Sockets using more than 10 Clients

    Hi
    I'm using Jsse ( JDK 1.4.2_06 ). I have coded a Client/Server application acting over SSLSockets or over unsecured Sockets. If I use unsecured Sockets everything works fine, but if I use SSLSockets for the Connection and about 20 Clients, the Clients often can't connect to the Server and the following Exception was thrown:
    java.net.ConnectException: Connection refused: connect
    Could it be that there is some strange problem with SSLServerSockets relating to this phenomenon?
    If I use only a few Clients the Exception occurs never or only sometimes.
    Has anybody an idea what is happening there?
    Regards Chrisli

    Hi
    From the description of your scenario, you have coded your own server side of the application. I would advise that you consider moving your application to run under Tomcat framework and test if you still get the same exception.

  • Problem with SSL and IAS 9.0.4.3.0

    Hi,
    I want to use SSL for my own webservice, but when I enabled SSL for my AS then I can't use my Forms application.
    I use a newly installed Application Server Version 9.0.4.3.0 (Forms/Reports) on SLES 9 and the webservice is in a new OC4J-Container.
    Without SSL is everything fine.
    But when I made the changes to use SSL then I can use my Webservice with or without SSL, but I can't start the Test-Form-Mask (test.fmx) from the AS.
    In the Java-Console I see the following:
    oracle.forms.net.ConnectionException: 500
         at oracle.forms.net.ConnectionException.createConnectionException(Unknown Source)
         at oracle.forms.net.HTTPNStream.getResponse(Unknown Source)
         at oracle.forms.net.HTTPNStream.doFlush(Unknown Source)
         at oracle.forms.net.HTTPNStream.flush(Unknown Source)
         at java.io.DataOutputStream.flush(Unknown Source)
         at oracle.forms.net.HTTPConnection.connect(Unknown Source)
         at oracle.forms.engine.FormsDispatcher.initConnection(Unknown Source)
         at oracle.forms.engine.FormsDispatcher.init(Unknown Source)
         at oracle.forms.engine.Runform.initConnection(Unknown Source)
         at oracle.forms.engine.Runform.startRunform(Unknown Source)
         at oracle.forms.engine.Main.createRunform(Unknown Source)
         at oracle.forms.engine.Main.start(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    And in the error log from the Apache I see the following:
    [Mon Nov  5 17:45:47 2007] [error] [client 127.0.0.2] [ecid: 84777561304,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/forms/registry/default.dat
    [Mon Nov  5 17:45:47 2007] [error] [client 127.0.0.2] [ecid: 84777561477,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/forms/engine/RunformBundle_de_DE.class
    [Mon Nov  5 17:45:47 2007] [error] [client 127.0.0.2] [ecid: 84777561497,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/forms/engine/RunformBundle_de_DE.properties
    [Mon Nov  5 17:45:52 2007] [error] [client 127.0.0.2] [ecid: 76187632590,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/ewt/alert/resource/AlertBundle_de_DE.class
    [Mon Nov  5 17:45:53 2007] [error] [client 127.0.0.2] [ecid: 76187632640,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/ewt/alert/resource/AlertBundle_de_DE.properties
    [Mon Nov  5 17:46:39 2007] [error] [client 127.0.0.2] [ecid: 1194281199:127.0.0.2:31638:0:36,0] MOD_OC4J_0095: mod_oc4j's SSL is enabled for communication with oc4j, but the oc4j process it gets has a non-SSL port. Possibly a configuration problem.
    [Mon Nov  5 17:46:39 2007] [error] [client 127.0.0.2] [ecid: 1194281199:127.0.0.2:31638:0:36,0] MOD_OC4J_0119: Failed to get an oc4j process for destination: home
    [Mon Nov  5 17:46:39 2007] [error] [client 127.0.0.2] [ecid: 1194281199:127.0.0.2:31638:0:36,0] MOD_OC4J_0013: Failed to call destination: home's service() to service the request.
    I think the first 5 messages are not so important, but I don't know what the last 3 messages mean.
    I can't find any mistakes in my configuration. I have tested it with the SUN-Java Plug-In and with the JInitiator, but it is the same result.
    Does someone have a hint for me or a better idea to use SSL with a webservice?
    Thanks in advance.
    Knut

    I configured the HTTP-Server and the OC4J-Containers for Forms and my webservice for SSL.
    But for Forms I don't need SSL, only for the webservices.
    In the meantime I tested SSL with IAS 10.1.2.0.2 and there is the same problem.
    I think the last 3 messages come from Web Cache, because every time I try to test whether the Web Cache is working these messages are shown in the error log from Apache.
    Sometimes the following messages are in the error log of the Apache:
    [Tue Nov  6 16:07:58 2007] [warn] [client 127.0.0.2] [ecid: 89154992130,1] MOD_OC4J_0184: Failed to find an oc4j process for destination: OC4J_BI_Forms
    [Tue Nov  6 16:07:58 2007] [error] [client 127.0.0.2] [ecid: 89154992130,1] MOD_OC4J_0145: There is no oc4j process (for destination: OC4J_BI_Forms) available to service request.
    [Tue Nov  6 16:07:58 2007] [error] [client 127.0.0.2] [ecid: 89154992130,1] MOD_OC4J_0119: Failed to get an oc4j process for destination: OC4J_BI_Forms
    [Tue Nov  6 16:07:58 2007] [error] [client 127.0.0.2] [ecid: 89154992130,1] MOD_OC4J_0013: Failed to call destination: OC4J_BI_Forms's service() to service the request.
    But I can not figure out when these messages are written
    Message was edited by:
    Melman

  • Problem with SSL socket(SSLSocketFactoryImpl.createSocket())

    Hello,
    I'm trying to create an ssl socket but I get an exception, I really don't know why. I have already included the certificate via keytool to my jdk. And I'm able to get html header with URLConnection with the code below
    import java.net.URL;
    import java.net.URLConnection;
    public class testClass {
         public static void main(String[] args) throws Exception {
              try {
                   URL url = new URL("https://ippbx1:8443/axl/");
                   String userPassword = "****" + ":" + "****";
                   String encoding = new sun.misc.BASE64Encoder().encode(userPassword.getBytes());
                   URLConnection c = url.openConnection();
                   c.setRequestProperty("Authorization", "Basic " + encoding);
                   for (int i = 0; ; i++) {
                        String name = c.getHeaderFieldKey(i);
                        String value = c.getHeaderField(i);
                        if (name == null && value == null)     // end of headers
                             break;
                        if (name == null) {     // first line of headers
                             System.out.println("Server HTTP version, Response code:");
                             System.out.println(value);
                             System.out.print("\n");
                        } else {
                             System.out.println(name + "=" + value);
                        }
                   }
              } catch (Exception e) {}
         }
    }
    and I get the following result :
    Server HTTP version, Response code:
    HTTP/1.1 200 OK
    Server=Apache-Coyote/1.1
    Pragma=No-cache
    Cache-Control=no-cache
    Expires=Thu, 01 Jan 1970 01:00:00 CET
    Set-Cookie=JSESSIONIDSSO=77670D5480DAD295C6519E812F9FED64; Path=/
    Set-Cookie=JSESSIONID=B71BDB730FA5B3B431D3B16C41E190E3; Path=/axl; Secure
    Content-Type=text/html;charset=ISO-8859-1
    Content-Length=233
    Date=Wed, 10 Jun 2009 15:17:10 GMT
    But when I try to make a socket :
    import java.io.*;
    import java.net.*;
    import javax.net.SocketFactory;
    import javax.net.ssl.SSLSocketFactory;
    public class axlforward {
         public static void main(String[] args) {
              String address = "https://ippbx1:8443/axl/";
              int portnum = 8443;
              try {
                   SocketFactory socketFactory = SSLSocketFactory.getDefault();
                   Socket socket = socketFactory.createSocket(address, portnum);
              } catch (Exception e) {e.printStackTrace();}
         }
    }
    I get the following
    java.net.UnknownHostException: https://ippbx1/axl/
         at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
         at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
         at java.net.Socket.connect(Socket.java:519)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:550)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:353)
         at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:71)
         at axlforward.main(axlforward.java:89)
    I have a VB program that connects to the socket (with Inet1.Protocol = icHTTPS and Inet1.Execute strURL, "Post", strFormData, strFormHdr methods) and does what I want, but I need to do it in Java and I'm not able to find the error.
    The server socket is a Cisco callManager Service (AXL Web Service) which receives an html+SOAP request and sends back an xml response, and this server socket is running correctly with no problem.
    Thanks for your help.

    Jdevelopper8709 wrote:
    Thanks for your reply.
    I now can access to my socket and get the information I want with:
    SocketFactory socketFactory = SSLSocketFactory.getDefault();
    socket = (SSLSocket) socketFactory.createSocket("ippbx1", 8443);
    In fact the problem was a username/password issue.
    Thanks.
    I quote from reply #1 "The address is just "ippbx1" and not "https://ippbx1:8443/axl/". The protocol is not part of the IP address.".
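
The point made in this thread (createSocket() takes a bare host name, not a URL), shown as an added example that is not part of the original posts. It also turns on host name checking, which a raw SSLSocket from the default factory does not do on its own; the class name TlsEndpoint and the --connect switch are made up for illustration, and Java 7 or later is assumed.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper class, not code from the thread.
public class TlsEndpoint {
    final String host;
    final int port;

    TlsEndpoint(String host, int port) {
        this.host = host;
        this.port = port;
    }

    /** Splits an https URL into the host name and port that createSocket() expects. */
    static TlsEndpoint fromUrl(String url) throws URISyntaxException {
        URI uri = new URI(url);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("not an https URL: " + url);
        }
        if (uri.getHost() == null) {
            throw new IllegalArgumentException("no host in URL: " + url);
        }
        // getPort() returns -1 when the URL carries no explicit port.
        int port = uri.getPort() == -1 ? 443 : uri.getPort();
        return new TlsEndpoint(uri.getHost(), port);
    }

    /** Opens a TLS socket and makes the handshake check the certificate against the host name. */
    SSLSocket connect() throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // The TCP connection is made here; the TLS handshake has not started yet.
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            SSLParameters params = socket.getSSLParameters();
            // Without this the chain is validated but the host name is never compared.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        // URL taken from the thread; only parsed unless --connect is given.
        TlsEndpoint ep = fromUrl("https://ippbx1:8443/axl/");
        System.out.println("host=" + ep.host + " port=" + ep.port);
        if (args.length > 0 && args[0].equals("--connect")) {
            SSLSocket s = ep.connect();
            try {
                System.out.println("negotiated " + s.getSession().getProtocol());
            } finally {
                s.close();
            }
        }
    }
}
```

A certificate the JDK trust store does not cover still fails in startHandshake() with the PKIX path building error; a certificate issued for a different name now fails there as well instead of being accepted.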

  • Problem with ssl and tomcat

    Hi to all, I'm trying to do ssl in an intranet. I have tomcat 4.1 and JDK 4.1_02. I have followed all the steps that the tomcat ssl documentation indicates, I have copied the jcert.jar jnet.jar and jsse.jar to the directory jre\lib\ext, I have generated the keystore and verisign have sent me the keys. I have modified the server.xml where I have put the new port and the factory tag but I cannot see a page through https.
    I have port 8080 that redirects to 8443, which have the scheme=https.
    if I put http:\\localhost:8080 appear the tomcat home page.
    if I put https:\\localhost:8443 not appear nothing.
    if I put http:\\localhost:8443 not appear error but don't show nothing.
    I have seen the log of tomcat and appear an exception:
    org.apache.commons.digester.Digester error
    Parse Error al line 89 column 11: the content element type "web-app" must match (icon?,display-name?....
    this exception don't appear previously,it seems that is a problem of xerces.
    Any idea or help it is welcome.
    THANKS.

    Obviously you have a syntax error in one of your .xml files. Most likely in either the global web.xml or the application specific one.

  • Problem with ssl in weblogic 10.3

    I would like to connect from web application on my weblogic to webservices(they are on https) on other server(IIS). What should I add to my weblogic?
    KeyStore with appropriate certificate?
    I got this kind of error when I set keystore prime.jks in weblogic keystores for option custom identity and custom trust.
    <2009-02-13 14:09:42 CET> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias prime from the jks keystore file D:\Praca\BEA_10.3\user_projects\domains\domain1\security\prime.jks.>
    <2009-02-13 14:09:42 CET> <Alert> <Security> <BEA-090168> <No identity key/certificate entry was found under alias prime in keystore D:\Praca\BEA_10.3\user_projects\domains\domain1\security\prime.jks on server AdminServer>
    <2009-02-13 14:09:42 CET> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file D:\Praca\BEA_10.3\user_projects\domains\domain1\security\prime.jks.>
    javax.ejb.EJBTransactionRolledbackException: EJB Exception: ; nested exception is: javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    Thanks for all responses.

    I turned on ssldebug and I get following errors:
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <Cannot convert identity certificate
    java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.3.14.3.2.29
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <Failed to load server trusted CAs
    java.lang.RuntimeException: Cannot convert identity certificate
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 2090001>
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <961888 SSL3/TLS MAC>
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <961888 received HANDSHAKE>
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <2009-02-16 10:12:01 CET> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
    I added to server keystore (as Custom Identity Keystore and Custom Trust Keystore) containing private key and certificate (downloaded while trying to connect to this webservice by browser).
    Do I have to install IIS plug-in to connect with webservices on IIS?!
    Thanks for all responses.
    Edited by: lukep1984 on 2009-02-16 06:19

  • Apache 2.4 problem with SSL

    hello,
    I have updated my configuration to apache 2.4, I replaced my httpd.conf with the pacnew one. I use mod_mpm_prefork.so.
    I can access regular websites (http) and php is ok.
    Nevertheless I have a handshake error when I try to access https website
    this is my ssl.conf
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache "shmcb:/var/run/httpd/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
    Mutex sysvsem default
    my website in https
    <VirtualHost *:443>
    ServerName myadmin.com:443
    ServerAdmin [email protected]
    ServerSignature Off
    SSLEngine on
    SSLOptions +StrictRequire
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCACertificateFile /data/system/etc/httpd/ssl/ca.crt
    SSLCertificateFile /data/system/etc/httpd/ssl/hostadmin.myadmin.com.crt
    SSLCertificateKeyFile /data/system/etc/httpd/ssl/hostadmin.myadmin.com.key
    BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    <Location />
    SSLRequireSSL
    SSLVerifyClient require
    SSLRenegBufferSize 524288000
    </Location>
    DocumentRoot "/data/www_ssl/hostadmin/_www"
    ErrorLog "/data/www_ssl/hostadmin/logs/error.log"
    TransferLog "/data/www_ssl/hostadmin/logs/access.log"
    CustomLog "/data/www_ssl/hostadmin/logs/access_ssl.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars +ExportCertData
    </FilesMatch>
    <Directory "/data/www_ssl/hostadmin/_www">
    DirectoryIndex index.php index.html index.htm
    Options ExecCGI Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
    </Directory>
    Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"
    <Directory "/usr/share/webapps/phpMyAdmin">
    AllowOverride None
    Options FollowSymlinks
    Require all granted
    </Directory>
    </VirtualHost>
    if somebody can give me an example of ssl.conf
    thanks for your help
    Last edited by freaks (2014-03-18 10:37:02)

    freaks wrote:
    if somebody can give me an example of ssl.conf
    Hi freaks; you can find an example SSL configuration file here on your system:
    /etc/httpd/conf/extra/httpd-ssl.conf
    It’s full of comments describing what the different options are.
    Apache’s documentation on SSL is full of good stuff, including a howto.
    As far as selecting ciphers go, you could do worse than following Qualys’ advice on the subject.
    Paul
    Last edited by prelog (2014-03-19 04:05:40)

  • Business Connector problem with SSL and Web Services

    Hi,
    I have generated a Web Connector Service and tested this in our DEV and QA environment with http and no credentials.
    All is fine.
    I now switched to SSL and was provided with an https WSDL by our Web Server developers. The Web Connector service generates fine however as soon as I execute the service I get a NumberFormatException. Exact error is:
    java.io.IOException:java.lang.NumberFormatException: null
    The error occurs in pub.client:http
    I traced through the working (in QA) and non-working versions and checked the pipeline prior to the call and can see no difference apart from the difference in protocol.
    Does anyone have any idea what the cause is? I cannot determine what value is null.
    Thanks
    Brian

  • Problem with ssl certificate

    Hello everyone!
    I have a scenario wherein I am trying to connect SRM to a marketsite through XI.
    SRM (Purchase Order) --->  XI (marketplace adapter) ---> Marketsite
    The URL of the marketsite is of the type HTTPS so I am using certificate logon as the method for authentication.
    Please tell me whether this is the right thing to do:
    1. Create a self-signed certificate in the "Key Storage" of the visual administrator.
    2. Export the certificate and have it installed in the marketsite.
    3. Configure the marketplace com. channel in the integration directory to use the private key I used to generate the certificate I sent to the marketsite.
    Having done that, I get a "server rejected by chain verifier" error in the message monitoring tool.
    Here are some other questions:
    1. Should I create a new View for the certificate and private key, or should I create the certificate in the existing "service_ssl" and rename the new certificate "ssl-credentials-cert" and the private key "ssl_credentials"
    2. Will a self-signed certificate work or do I need to get it signed by a CA before importing the response.
    3. If a self-signed certificate will work, do I need to add another certificate in the "TrustedCAs" view?
    4. If I should import a certificate response from a CA, where can I get the certificate of the CA?
    I know these are a lot of questions, but I'd really appreciate all the help I can get from you guys. Please avoid posting links to other threads as I have pretty much read all of them..
    Warm regards,
    Glenn

    Hi Glenn,
    Let me explain the scenario without client certificate Logon (User and password) first.
    When you want to communicate with marketsite in a secure manner, get the certificate of the CA (Certifying Authority) who has signed the market site Cert. and add it to the Trusted CAs view in Visual Admin of XI. Sometimes it may be a CA certificate chain.
    If that certificate is self-signed, add the market site certificate itself to the Trusted CAs of Vis.Admin of XI.
    Certificate Logon:
    This is for your (XI server's) Identity to Marketsite.
    In Visual Admin KeyStorage create a view, or in any of the existing views create a Private Key and Public key (Certificate) pair representing the XI Server (CN should be hostname of XI server). Get the public Key signed by a CA and import the Certificate in Visual Admin.
    Now in Configuration select the view and the Private Key just created for XI's Identity.
    PS: There may be some steps in Marketsite too in case of Certificate logon, like adding the XI certificate to something like Trusted CAs of Marketsite. You can get a better picture from the guys administrating the Marketsite.
    Try these options and post the results in forum.
    Good Luck.
    Regards,
    Sudharshan N A
