Proxy SSL tunelling

Hello.
I'm having a problem with a distributed application where the client connects via a proxy server (Squid 2.5 in my case) to a server using SSL (port 443).
Sometimes the tunneling works fine and sometimes it doesn't. Doing some debugging, it seems from the logs of both the client and server that their sockets are disconnected by something. Now, I suspect that the proxy server is disconnecting them but I can't really prove it.
I have tried using a different free proxy server (Proxy+ I think it's called) and the problem persists.
Have any of you guys experienced problems with the proxy disconnecting the tunnel?

In article <[email protected]>, Tsougleris
wrote:
> When a non-priv user attempts login, login page timesout
> When a non-priv user, running IE as priv a/c attempts login, all is
>
If you have client32 running, you will have an easier time using
CLNTRUST...
For browser-specific issues, try disabling TLS 1.0 support on the
browsers.
OK - if I understand you, normal users get a login prompt, log in, and
browse. Which is as it should be. If users not in the tree try to log
in, they should be denied, but not just time out. Is that what is
happening here - that users not in a tree aren't getting a failure
message, but just a timeout?
Or do you mean privileged in terms of Windows rights?
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Similar Messages

  • Can I query for WL-Proxy-SSL header?

    I want to be able to enforce certain pages to be loaded via https.
    Is it ok to query for the WL-Proxy-SSL header in order to detect if a request
    was via https, or is there a better way? I cannot find any documentation on this.
    TIA,
    -graham

    You should read the Servlet spec, Graham:
    ServletRequest.isSecure() returns true and ServletRequest.getScheme() returns
    https
    Glad to be of help ;)
    -graham
    "Graham Lyus" <[email protected]> wrote:
    >
    I want to be able to enforce certain pages to be loaded via https.
    Is it ok to query for the WL-Proxy-SSL header in order to detect if a
    request
    was via https, or is there a better way? I cannot find any documentation
    on this.
    TIA,
    -graham

  • WebLogic SAML 1.1 & Apache as proxy & SSL between browser and Apache

    Hi,
    I'm trying to configure SAML 1.1 to work with WebLogic Server 10.3.
    Here is a short description of the configuration
    - Browser connects to Apache front end with ssl https://myserver:444/...
    - Apache proxies requests to WebLogic Server instances in http. In the following example one of the WLS instances is listening on the port 555 on myserver.
    During the SAML 1.1 requests the following url appears:
         https://myserver:444/mysamlits?RPID=rp_00001&TARGET=http://myserver:555/myapp
    Here http://myserver:555/myapp is the backend server listening address. Instead it should be the frontend server address instead:
         https://myserver:444/mysamlits?RPID=rp_00001&TARGET=https://myserver:444/myapp
    Problem:
    Despite of all My efforts, WLS picks up the backend protocol and port and puts them in the TARGET. I can't find how to set up WebLogic Server to supply the frontend address as TARGET, so I'm asking help here.
    Details:
    I try to describe the setup in more detail below.
    I have NOT installed mod_wl to Apache because My intention is to employ Apache to simulate a hardware load balancer (HLB).
    I have appended the following lines to Apache httpd.conf:
    # Added so that we can set the "WL-Proxy-SSL: true"
    # HTTP header which tells a back-end WebLogic Server
    # that requests are being proxied through a front-end
    # SSL load-balancer or proxy server.
    <IfModule headers_module>
    RequestHeader set WL-Proxy-SSL true
    </IfModule>
    I have also verified that the header WL-Proxy-SSL is present in requests arriving at the backend WebLogic Server.
    On the WebLogic Server side I have
    - Frontend Host: myserver
    - Frontend HTTP Port:0
    - Frontend HTTPS Port:444
    I have also tried setting WebLogic Plugin Enabled:true.
    Regards,
    Kari
    Edited by: 858107 on May 11, 2011 10:00 PM: Removed a duplicated subject line.

    I was mistaken. TARGET can very well be the backend address. The actual problem was that the browser was getting redirected to the backend address.
    That was fixed by resetting the frontend settings:
    Frontend Host: <empty>
    Frontend HTTP Port:0
    Frontend HTTPS Port:0
    Kari

  • Proxy SSL tunneling

    Hello.
    I'm having a problem with a distributed application where the client connects via a proxy server (Squid 2.5 in my case) to a server using SSL (port 443).
    Sometimes the tunneling works fine and sometimes it doesn't. Doing some debugging, it seems from the logs of both the client and server that their sockets are disconnected by something. Now, I suspect that the proxy server is disconnecting them but I can't really prove it.
    I have tried using a different free proxy server (Proxy+ I think it's called) and the problem persists.
    Have any of you guys experienced problems with the proxy disconnecting the tunnel?

    You might do better to post in the "Java Secure Socket Extension" forum!

  • Sunone webserver(proxy) --SSL- weblogic

    In our environment we are using Sunone webserver 7.0.9 as a proxy server to forward the request to the weblogic server 10.3.3. Now the requirement is to secure the communication between the proxy and weblogic server. As a standard way we can configure the proxy server to use SSL in obj.conf as below:
    <Object name=”weblogic” ppath=”*/DefaultWebApp/*”>
    Service fn=wl_proxy WebLogicHost=”myIP WebLogicPort=”mySSLPort SecureProxy=”ON” Debug=”ALL” WLLogFile=”/home/support/IPlanet60SP5/server/logsupport.txt” TrustedCAFile=”/home/support/IPlanet60SP5/TrustedCA.pem” RequireSSLHostMatch=”true”
    </Object>
    My question is when we have installed a self signed certificate on weblogic, how do we trust that certificate in the proxy server. If it was a third party certificate we can get the root CA certificate that can be added as trust entry in the obj.conf. But in self signed case we do not have a intermediate or root certificate. So how do we trust the self signed server certificate in the proxy server.

    851935 wrote:
    In our environment we are using Sunone webserver 7.0.9 as a proxy server to forward the request to the weblogic server 10.3.3. Now the requirement is to secure the communication between the proxy and weblogic server. As a standard way we can configure the proxy server to use SSL in obj.conf as below:
    <Object name=”weblogic” ppath=”*/DefaultWebApp/*”>
    Service fn=wl_proxy WebLogicHost=”myIP WebLogicPort=”mySSLPort SecureProxy=”ON” Debug=”ALL” WLLogFile=”/home/support/IPlanet60SP5/server/logsupport.txt” TrustedCAFile=”/home/support/IPlanet60SP5/TrustedCA.pem” RequireSSLHostMatch=”true”
    </Object>
    My question is when we have installed a self signed certificate on weblogic, how do we trust that certificate in the proxy server. If it was a third party certificate we can get the root CA certificate that can be added as trust entry in the obj.conf. But in self signed case we do not have a intermediate or root certificate. So how do we trust the self signed server certificate in the proxy server.Just import the self signed cert as trusted.

  • Reverse proxy + SSL question

    Hi everyone.
    I try to setup a proxy for my organization (I downloaded the latest 4.0.x version of Sun Web Proxy Server). The idea is that, through it we need to offer acces to a part of our intranet.
    There is a public (internet) address available (with SSL activated, it's an Apache server).
    The idea is :
    - normal extranet : https://foo.bar.com
    - reverse proxy : https://foo.bar.com:4443/path/inside/intranet (which would be, for the proxy https://intranet.foo.bar.com/path/inside/intranet).
    Do you have any advice on how I should do that ? I tried to import the apache certificate inside the proxy, but it won't work. Is there something I'm missing ?
    Thanks in advance for your answers.
    Edited by: TiamatB5 on Dec 8, 2008 7:42 AM

    Alright, I found the solution :
    - apache is used as a front reverse proxy, accepting SSL requests
    - a specific url is used like : https://extranet.foo.bar/intranet that does the reverse proxy to http://extranet.foo.bar:8888 (on the same server as apache)
    - Sun Proxy Web server is used to do the real reverse proxying of http://extranet.foo.bar:8888 to http://intranet.foo.bar
    - the content rewriting is used to rewrite internal url to https ones like : http://intranet.foo.bar/foo/bar is rewritten to https://extranet.foo.bar/intranet/foo/bar
    After testing it works like a charm. No need to request a specific certificate for the Sun Proxy, and it's exactly what's been asked to me, that is : the client mustn't see the internal redirection. With this, they don't see that there is a proxy and they don't see the http://extranet.foo.bar:8888 part. It seems a bit complicated, but at least it works ;)
    Edited by: TiamatB5 on Dec 9, 2008 12:50 AM

  • SSL VPN Connection error with SA520

    Hi there,
    I have an SA520 setup and all my users can login to the SSL VPN tunnel except one user. The laptop is running windows 7 64bit and had IE9 installed. When I try to connect her to use an SSL VPN Tunnel, I get the following error: Cisco-SSLVPN-Tunnel Install Failed: Error in getting proxy settings!.
    I have made sure the firewall was turned off. Any idea on how to get the ssl tunel connected?
    Thanks

    Hihi,
    we have the same problem, running on Vista 32 bit, and IE9.
    On the same machine, using virtual PC and emulating an XP environment it works, what a paradox!
    It works also on Win 7 64 bit, although only with the 64 bit version of IE.
    Coming back to our Vista issue, we did not find any way to make it work properly.
    Tried to turn off firewall, disinstall a lot of stuff that may interphere, etc. , still same problem.
    We are a bit annoyed there seems to be no documentation about this error nor troubleshooting help.
    Anyone has any suggestion ??
    Tks

  • Problem with WebLogic 10.3.3, Apache 2.2.3 and WebLogic Apache proxy plugin

    I have a problem with using Apache 2.2.3 as a WebLogic SSL proxy. I have Apache 2.2 running and successfully configured an SSL cert, config in ssl.conf is...
    <VirtualHost secure.daftdonkey.com>
    # Setup SSL for secure.daftdonkey.com
    ServerName secure.daftdonkey.com
    SSLEngine On
    SSLCertificateFile /oracle/secure/secure.daftdonkey.com.crt
    SSLCertificateKeyFile /oracle/secure/secure.daftdonkey.com.key
    SSLCertificateChainFile /oracle/secure/gd_bundle.crt
    </VirtualHost>
    This works fine
    Now I want Apache to proxy requests to my WebLogic Server and secure them over SSL as well
    e.g. a request to https://secure.daftdonkey.com/service goes to https://weblogic.internal.site/service
    I have downloaded and configured the weblogic module and tested it handling traffic for HTTP and that worked, then I switched the WebLogic module to use SSL.
    LoadModule weblogic_module modules/mod_wl.so
    <IfModule mod_weblogic.c>
    WebLogicHost weblogic.internal.site
    WebLogicPort 16101
    Debug ALL
    SecureProxy ON
    WLSSLWallet /oracle/secure/my-wallet
    WLLogFile /tmp/wl-proxy.log
    </IfModule>
    <Location /service>
    SetHandler weblogic-handler
    </Location>
    Starting Apache throws the error. I think this is my main problem, i've searched support.oracle.com and not found anything.
    [Mon Jun 07 23:00:48 2010] [crit] (20014)Internal error: WL SSL Init failed for server: (null) on 0
    but Apache starts... I get this error when I make a request to https://secure.daftdonkey.com/service
    Failure of server APACHE bridge:
    No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
    Looking into the log /tmp/wl-proxy.log I see....
    Mon Jun 7 22:30:10 2010 <393212759749971> URLfactory Created
    Mon Jun 7 22:30:10 2010 <393312759750102> ================New Request: [GET /service HTTP/1.1] =================
    Mon Jun 7 22:30:10 2010 <393312759750102> INFO: SSL is configured
    Mon Jun 7 22:30:10 2010 <393312759750102> Using Uri /service
    Mon Jun 7 22:30:10 2010 <393312759750102> After trimming path: '/service'
    Mon Jun 7 22:30:10 2010 <393312759750102> The final request string is '/service'
    Mon Jun 7 22:30:10 2010 <393312759750102> parseServerList: Socket Address hostnames 'weblogic.internal.site:16101'
    Mon Jun 7 22:30:10 2010 <393312759750102> Host extracted from serverlist is [weblogic.internal.site]
    Mon Jun 7 22:30:10 2010 <393312759750102> parseServerList: IP from socket Address [192.168.100.15]
    Mon Jun 7 22:30:10 2010 <393312759750102> Initializing lastIndex=0 for a list of length=1
    Mon Jun 7 22:30:10 2010 <393312759750102> getListNode: created a new server node: id='weblogic.internal.site:16101' server_name='secure.daftdonkey.com', port='443'
    Mon Jun 7 22:30:10 2010 <393312759750102> attempt #0 out of a max of 5
    Mon Jun 7 22:30:10 2010 <393312759750102> Trying a pooled connection for '192.168.100.15/16101/16101'
    Mon Jun 7 22:30:10 2010 <393312759750102> getPooledConn: found a host and port/securePort match
    Mon Jun 7 22:30:10 2010 <393312759750102> getPooledConn: No more connections in the pool for Host[192.168.100.15] Port[16101] SecurePort[16101]
    Mon Jun 7 22:30:10 2010 <393312759750102> general list: trying connect to '192.168.100.15'/16101/16101 at line 3188 for '/service'
    Mon Jun 7 22:30:10 2010 <393312759750102> SSL is not configured for this connection
    Mon Jun 7 22:30:10 2010 <393312759750102> Local Port of the socket is 45580
    Mon Jun 7 22:30:10 2010 <393312759750102> Remote Host 192.168.100.15 Remote Port 16101
    Mon Jun 7 22:30:10 2010 <393312759750102> URL::connect SSLConn for reader is not set as it is NULL
    Mon Jun 7 22:30:10 2010 <393312759750102> general list: created a new connection to '192.168.100.15'/16101 for '/service', Local port:0
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs from clnt:[Host]=[secure.daftdonkey.com]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs from clnt:[Accept]=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs from clnt:[Accept-Language]=[en-us,en;q=0.5]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs from clnt:[Keep-Alive]=[300]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs from clnt:[Connection]=[keep-alive]
    Mon Jun 7 22:30:10 2010 <393312759750102> parse_header is done
    Mon Jun 7 22:30:10 2010 <393312759750102> Method is GET
    Mon Jun 7 22:30:10 2010 <393312759750102> About to call parseHeaders
    Mon Jun 7 22:30:10 2010 <393312759750102> URL::parseHeaders: Value of parsedHeaders = [0]
    Mon Jun 7 22:30:10 2010 <393312759750102> URL::sendHeaders(): meth='GET' file='/service' protocol='HTTP/1.1'
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [Host]=[secure.daftdonkey.com]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [User-Agent]=[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [Accept]=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [Accept-Language]=[en-us,en;q=0.5]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [Accept-Encoding]=[gzip,deflate]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [Keep-Alive]=[300]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [Connection]=[Keep-Alive]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [WL-Proxy-SSL]=[true]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [WL-Proxy-Client-IP]=[192.168.100.245]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [Proxy-Client-IP]=[192.168.100.245]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [X-Forwarded-For]=[192.168.100.245]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [X-WebLogic-KeepAliveSecs]=[30]
    Mon Jun 7 22:30:10 2010 <393312759750102> Hdrs to WLS: [X-WebLogic-Force-JVMID]=[unset]
    Mon Jun 7 22:30:10 2010 <393312759750102> Reader::fill(): first=0 last=0 toRead=4096
    Mon Jun 7 22:30:10 2010 <393312759750102> Reader::fill(): sysRecv returned -1
    Mon Jun 7 22:30:10 2010 <393312759750102> *******Exception type [READ_ERROR_FROM_SERVER] (socket read failure) raised at line 251 of ../nsapi/Reader.cpp
    Mon Jun 7 22:30:10 2010 <393312759750102> caught exception in readStatus: READ_ERROR_FROM_SERVER [os error=104, line 251 of ../nsapi/Reader.cpp]: socket read failure at line 963
    Mon Jun 7 22:30:10 2010 <393312759750102> PROTOCOL_ERROR: Backend Server not responding - isRecycled:0
    Mon Jun 7 22:30:10 2010 <393312759750102> Marking 192.168.100.15:16101 as bad
    Mon Jun 7 22:30:10 2010 <393312759750102> got exception in sendRequest phase: Backend Server not responding at line 3702
    Mon Jun 7 22:30:10 2010 <393312759750102> Failing over after sendRequest() exception: PROTOCOL_ERROR as Idempotent is set to ON
    Mon Jun 7 22:30:10 2010 <393312759750102> attempt #1 out of a max of 5
    However connecting directly to https://192.168.100.15:16101/irm_rights is successful.
    Ouput from orapki seems to show a valid wallet.
    [root@content my-wallet]# /oracle/install/bin/orapki wallet display -wallet /oracle/secure/my-wallet/
    Oracle PKI Tool : Version 11.1.1.2.0
    Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
    Requested Certificates:
    User Certificates:
    Trusted Certificates:
    Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
    Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
    Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
    Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
    Subject: CN=weblogic.internal.site,OU=FOR TESTING ONLY,O=MyOrganization,L=MyTown,ST=MyState,C=US
    Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
    Also the apache log at /var/log/httpd/ssl_error_log shows.
    [Mon Jun 07 23:59:03 2010] [error] [client 192.168.100.245] ap_proxy: trying GET /service/ at backend host '192.168.100.15/16101; got exception 'Backend Server not responding'
    [Mon Jun 07 23:59:03 2010] [error] [client 192.168.100.245] ap_proxy: trying GET /service/ at backend host '192.168.100.15/16101; got exception 'Backend Server not responding'
    [Mon Jun 07 23:59:03 2010] [error] [client 192.168.100.245] ap_proxy: trying GET /service/ at backend host '192.168.100.15/16101; got exception 'Backend Server not responding'
    [Mon Jun 07 23:59:03 2010] [error] [client 192.168.100.245] ap_proxy: trying GET /service/ at backend host '192.168.100.15/16101; got exception 'Backend Server not responding'
    [Mon Jun 07 23:59:03 2010] [error] [client 192.168.100.245] ap_proxy: trying GET /service/ at backend host '192.168.100.15/16101; got exception 'Backend Server not responding'
    [Mon Jun 07 23:59:03 2010] [error] [client 192.168.100.245] ap_proxy: trying GET /service/ at backend host '192.168.100.15/16101; got exception 'Backend Server not responding'
    Editing the httpd.conf and sending traffic from Apache to WebLogic over regular HTTP works, config is...
    LoadModule weblogic_module modules/mod_wl.so
    <IfModule mod_weblogic.c>
    WebLogicHost weblogic.internal.site
    WebLogicPort 16100
    Debug ALL
    # SecureProxy ON
    # WLSSLWallet /oracle/secure/my-wallet
    WLLogFile /tmp/wl-proxy.log
    </IfModule>
    Resulting detail from /tmp/wl-proxy.log
    Mon Jun 7 23:20:50 2010 <415912759780351> URLfactory Created
    Mon Jun 7 23:20:50 2010 <416012759780502> ================New Request: [GET /service/ HTTP/1.1] =================
    Mon Jun 7 23:20:50 2010 <416012759780502> Using Uri /service/
    Mon Jun 7 23:20:50 2010 <416012759780502> After trimming path: '/service/'
    Mon Jun 7 23:20:50 2010 <416012759780502> The final request string is '/service/'
    Mon Jun 7 23:20:50 2010 <416012759780502> parseServerList: Socket Address hostnames 'weblogic.internal.site:16100'
    Mon Jun 7 23:20:50 2010 <416012759780502> Host extracted from serverlist is [weblogic.internal.site]
    Mon Jun 7 23:20:50 2010 <416012759780502> parseServerList: IP from socket Address [192.168.100.15]
    Mon Jun 7 23:20:50 2010 <416012759780502> Initializing lastIndex=0 for a list of length=1
    Mon Jun 7 23:20:50 2010 <416012759780502> getListNode: created a new server node: id='weblogic.internal.site:16100' server_name='secure.daftdonkey.com', port='443'
    Mon Jun 7 23:20:50 2010 <416012759780502> attempt #0 out of a max of 5
    Mon Jun 7 23:20:50 2010 <416012759780502> Trying a pooled connection for '192.168.100.15/16100/16100'
    Mon Jun 7 23:20:50 2010 <416012759780502> getPooledConn: found a host and port/securePort match
    Mon Jun 7 23:20:50 2010 <416012759780502> getPooledConn: No more connections in the pool for Host[192.168.100.15] Port[16100] SecurePort[16100]
    Mon Jun 7 23:20:50 2010 <416012759780502> general list: trying connect to '192.168.100.15'/16100/16100 at line 3188 for '/service/'
    Mon Jun 7 23:20:50 2010 <416012759780502> SSL is not configured for this connection
    Mon Jun 7 23:20:50 2010 <416012759780502> Local Port of the socket is 56647
    Mon Jun 7 23:20:50 2010 <416012759780502> Remote Host 192.168.100.15 Remote Port 16100
    Mon Jun 7 23:20:50 2010 <416012759780502> URL::connect SSLConn for reader is not set as it is NULL
    Mon Jun 7 23:20:50 2010 <416012759780502> general list: created a new connection to '192.168.100.15'/16100 for '/service/', Local port:0
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from clnt:[Host]=[secure.daftdonkey.com]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from clnt:[Accept]=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from clnt:[Accept-Language]=[en-us,en;q=0.5]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from clnt:[Keep-Alive]=[300]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from clnt:[Connection]=[keep-alive]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from clnt:[Cookie]=[JSESSIONID=YF4nMNfZ3lJ5ZrVV9HGpKwj3hf12yRvlf4zksQf6pkKx2LhJ2ywY!34167467]
    Mon Jun 7 23:20:50 2010 <416012759780502> parse_header is done
    Mon Jun 7 23:20:50 2010 <416012759780502> Method is GET
    Mon Jun 7 23:20:50 2010 <416012759780502> About to call parseHeaders
    Mon Jun 7 23:20:50 2010 <416012759780502> URL::parseHeaders: Value of parsedHeaders = [0]
    Mon Jun 7 23:20:50 2010 <416012759780502> URL::sendHeaders(): meth='GET' file='/service/' protocol='HTTP/1.1'
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [Host]=[secure.daftdonkey.com]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [User-Agent]=[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [Accept]=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [Accept-Language]=[en-us,en;q=0.5]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [Accept-Encoding]=[gzip,deflate]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [Keep-Alive]=[300]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [Cookie]=[JSESSIONID=YF4nMNfZ3lJ5ZrVV9HGpKwj3hf12yRvlf4zksQf6pkKx2LhJ2ywY!34167467]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [Connection]=[Keep-Alive]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [WL-Proxy-SSL]=[true]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [WL-Proxy-Client-IP]=[192.168.100.245]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [Proxy-Client-IP]=[192.168.100.245]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [X-Forwarded-For]=[192.168.100.245]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [X-WebLogic-KeepAliveSecs]=[30]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to WLS: [X-WebLogic-Force-JVMID]=[unset]
    Mon Jun 7 23:20:50 2010 <416012759780502> Reader::fill(): first=0 last=0 toRead=4096
    Mon Jun 7 23:20:50 2010 <416012759780502> Reader::fill(): sysRecv returned 568
    Mon Jun 7 23:20:50 2010 <416012759780502> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 302 Moved Temporarily]
    Mon Jun 7 23:20:50 2010 <416012759780502> URL::parseHeaders: StatusLine set to [302 Moved Temporarily]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from WLS:[Date]=[Tue, 08 Jun 2010 06:20:50 GMT]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from WLS:[Transfer-Encoding]=[chunked]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from WLS:[Location]=[https://secure.daftdonkey.com/service/faces/LoginPage.jspx]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from WLS:[X-WebLogic-JVMID]=[34167467]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs from WLS:[X-Powered-By]=[Servlet/2.5 JSP/2.1]
    Mon Jun 7 23:20:50 2010 <416012759780502> parsed all headers OK
    Mon Jun 7 23:20:50 2010 <416012759780502> done with sendRequest
    Mon Jun 7 23:20:50 2010 <416012759780502> sendResponse() : r->status = '302'
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to client (add):[Date]=[Tue, 08 Jun 2010 06:20:50 GMT]
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to client (add):[Location]=[https://secure.daftdonkey.com/service/faces/LoginPage.jspx]
    Mon Jun 7 23:20:50 2010 <416012759780502> for 192.168.100.15/16100/16100, updated JVMID: 34167467
    Mon Jun 7 23:20:50 2010 <416012759780502> Hdrs to client (add):[X-Powered-By]=[Servlet/2.5 JSP/2.1]
    Mon Jun 7 23:20:50 2010 <416012759780502> calling closeConn() with non-null URL* at 3826
    Mon Jun 7 23:20:50 2010 <416012759780502> canRecycle: conn=1 status=302 isKA=1 clen=-1 isCTE=1
    Mon Jun 7 23:20:50 2010 <416012759780502> closeConn: pooling for '192.168.100.15/16100'
    Mon Jun 7 23:20:50 2010 <416012759780502> closeConn: pooling '0'
    Mon Jun 7 23:20:50 2010 <416012759780502> request [irm_rights/] processed successfully..................
    Mon Jun 7 23:20:50 2010 <415912759780351> Cleaning up the list node 'weblogic.internal.site:16100'list Length '1'

    I found the answer to this. The documentation is not clear enough, LD_LIBRARY_PATH MUST be set and MUST have a pointer to the directory where the SSL .so modules are. I wrote up a blog article explaining the configuration and detailed this issue.
    http://blogs.oracle.com/irm/2010/06/quick_guide_to_oracle_irm_11g_1.html

  • SSL Connection Configuration between Apache and Weblogic 8,1

    I'm currently using Apache web server as a front end server for Weblogic server 8.1 and now i' facing some configuration problem to setting up the SSL connection between this 2 server. When i open my web application page, it shows
    Failure of Server Apache bridge
    No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
    and my proxy.log shows:
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
    Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
    Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
    Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
    Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
    Thu Nov 03 09:36:41 2011 <182413202842013> attempt #0 out of a max of 5
    Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
    Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
    Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
    Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
    Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
    Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
    Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
    Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
    Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
    Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
    Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
    Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
    Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
    Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
    Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 790 of ../nsapi/URL.cpp]: at line 3078
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Can anyone tell me what should i do in order to correct this error? Your help is kindly appreciate!!! Please~

    1) Is the managed server up?
    2) from apache server are you able to bind the managed server port?
    3) can you pls send the weblogic ssl configuration?

  • WebDAV not working over SSL on CSS11503

    SOME HISTORY
    As you may recall we had an issue with interoperability between our WebCT Vista application and the Cisco CSS11503 Load Balancer. In a nutshell the Load Balancer would inject custom HTTP headers into HTTP packets, but only into the first HTTP packet of a TCP session. With your help we've learned that Cisco will change this in the August release of the CSS software.
    OUR NEW PROBLEM
    We are now having a related problem. In short, we cannot get WebDav to work over SSL. That is, when connect from Client to Load Balancer via SSL, and then Load Balancer to Web Server via plaintext, our application fails. Conversely, when we maintain a clear text connection straight through from Client to Web sever WebDav works.
    After doing some network traces of WebDav connections both with and without SSL I think we've discovered the cause of the problem: the Load Balancer fails to add our custom HTTP header "WL-Proxy-SSL: true" to HTTP "PROPFIND" requests, even though it correctly adds them to the HTTP "OPTIONS" requests.
    HOW WE CONFIGURED THE LOAD BALANCER
    We configured our Load Balancer with the Global configuration of
    http-method parse RFC2518-methods
    and with the command
    ssl-server 20 http-header static "WL-Proxy-SSL: true"
    so that the header "WL-Proxy-SSL: true" will be passed with the HTTP headers used for WebDav was well as with the 'standard' HTTP headers "GET, POST, HEAD", etc.
    Below is the relevant passage from the "CSS Command Reference" at
    http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_750/cmdrefgd/cmdgloba.htm#wp1432749
    ======================================================================
    "By default, a Layer 5 content rule supports the HTTP CONNECT, GET, HEAD, POST, and PUT methods. Unless configured, the CSS recognizes and forwards the following HTTP methods directly to the destination server in a transparent caching environment, but does not load balance them:
    OPTIONS, TRACE, PROPFIND, PROPPATCH, MKCOL, MOVE, LOCK, UNLOCK, COPY, and DELETE.
    When you enable the CSS to support all RFC-2518 methods, the CSS parses the Request-URI field in an attempt to match a Layer 5 rule. If the contents of the Request-URI field are not in a compliant format of an absolute URI or an absolute path, the CSS tries to match the field to the next best wildcard ("/*") rule. If the match fails, the CSS attempts to match the Layer 4 rule, and then the Layer 3 rule."
    ========================================================================
    I interpret this to mean that when we configure "http-method parse RFC2518-methods" that the load balancer will treat all the HTTP headers in the group "OPTIONS, TRACE, PROPFIND, ...", etc the same as the "standard" HTTP headers "GET, POST, HEAD", etc.
    As I said earlier our network traces show that the "WL-Proxy-SSL: true"
    header present in the HTTP header OPTIONS but *not* in the header "PROPFIND".
    A BUG IN THE CSS COMMAND PROCESSOR?
    By my reckoning, this behaviour must be a bug in the CSS Command processor, because whatever the CSS does for the "OPTIONS" header it should also do for the "PROFIND" header.
    ATTACHMENTS
    I've included three attachments.
    trace.txt
    - text output from Ethereal of the network trace
    on the web server, with comments.
    webdav.ssl.snoop
    - the original network trace in Sun's 'snoop' format.
    css.2.cfg
    - the running configuration on the CSS11503
    Thanks in advance for your help.

    Hi
    I finally discovered what is the issue here. In appears that in case of unsigned applets, the code is unable to access SunJCE provider which contains most of the ciphers used by SSL protocol. This means that a session with SSL server is broken and effectively applet is not initialised.
    This problem is related to configuration of JRE under linux due to export control restrictions. Unfortunately I don't know how to make JRE to use SunJCE by default.
    As a workaround I have set up the following policies using Policy Manager:
    grant {
    permission java.security.SecurityPermission "putProviderProperty.SunJCE";
    grant {
    permission java.lang.RuntimePermission "getProtectionDomain";
    grant {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
    I don't know how insecure my actions are, but this definitely fixed problems with applets under SSL / HTTPS.
    Feel free to send me your ideas how to fix this issue in more elegant way.
    Best,
    Marcin

  • SSL-Tunneling Problem with Stronghold

    Hello,
    I installed HTTP-Tunneling between a Java-Client and a WLS 4.5.1SP 13
    throuch a Stronghold-Server using mod_wl_ssl.so.
    But when I'm trying to connect via HTTPS (port 443) to the Stronghold, the
    plugin is no longer working correctly. I get the following output in the log
    of the plug-in:
    --------------Begin--------------
    ========New Request: [GET
    /HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+4.5.1+dummy+%0A&rand=634395
    5830116743121 HTTP/1.0] =========
    Thu Jan 4 18:46:57 2001 Cookie String missing in the Cookie
    Thu Jan 4 18:46:57 2001 queryStr =
    wl-login=https+dummy+WLREQS+4.5.1+dummy+%0A&rand=6343955830116743121
    Thu Jan 4 18:46:57 2001 The request string is
    '/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+4.5.1+dummy+%0A&rand=63439
    55830116743121'
    Thu Jan 4 18:46:57 2001 After trimming path:
    '/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+4.5.1+dummy+%0A&rand=63439
    55830116743121'
    Thu Jan 4 18:46:57 2001 Now trying whatever is on the list;
    ci->canUseSrvrList = 1
    Thu Jan 4 18:46:57 2001 AttemptConnect(): Srvr# [1] = [agni:7002]
    Thu Jan 4 18:46:57 2001 general list: trying connect to 'agni'/7002
    Thu Jan 4 18:46:57 2001 Connected to agni:7002
    Thu Jan 4 18:46:57 2001 Headers from the client [Accept]=[text/html,
    image/gif, image/jpeg, *; q=.2, */*; q=.2]
    Thu Jan 4 18:46:57 2001 Headers from the client [Host]=[sbcipx:443]
    Thu Jan 4 18:46:57 2001 Headers from the client [User-Agent]=[Java1.2.2]
    Thu Jan 4 18:46:57 2001 Sending header to WLS [Accept]=[text/html,
    image/gif, image/jpeg, *; q=.2, */*; q=.2]
    Thu Jan 4 18:46:57 2001 Sending header to WLS [Host]=[sbcipx:443]
    Thu Jan 4 18:46:57 2001 Sending header to WLS [User-Agent]=[Java1.2.2]
    Thu Jan 4 18:46:57 2001 Sending header to WLS
    [X-WebLogic-Force-Cookie]=[true]
    Thu Jan 4 18:46:57 2001 Sending header to WLS [WL-Proxy-SSL]=[true]
    Thu Jan 4 18:46:57 2001 Sending header to WLS
    [Proxy-Client-IP]=[192.168.17.116]
    Thu Jan 4 18:46:57 2001 Sending header to WLS
    [X-Forwarded-For]=[192.168.17.116]
    Thu Jan 4 18:47:12 2001 sysRecv failed, return val = [0] errno=0
    errmsg=[Error 0]
    Thu Jan 4 18:47:12 2001 Error reading WebLogic Response from agni:7002
    Return Value = -1
    Thu Jan 4 18:47:12 2001 Marking agni:7002 as bad
    Thu Jan 4 18:47:12 2001 Got FAILOVER response from sendRequest... will
    retry
    Thu Jan 4 18:47:12 2001 Attempting a connect with the forceCookie bit
    turned ON : [1]
    Thu Jan 4 18:47:12 2001 Now trying whatever is on the list;
    ci->canUseSrvrList = 1
    Thu Jan 4 18:47:12 2001 AttemptConnect(): Srvr# [1] = [agni:7002]
    Thu Jan 4 18:47:12 2001 Request timed out after 10 seconds
    Thu Jan 4 18:47:12 2001 Redirecting the error response to the errorPage =
    [http://www.finance.ch]
    Thu Jan 4 18:47:12 2001 r->status=302 returning 0
    Thu Jan 4 18:47:14 2001
    ---------------End
    Any Ideas, what I didn't configured correctly for the stronghold/plug-in/WLS
    Thank you
    Remo

    "Remo Schnidrig" <[email protected]> wrote:
    Hello,
    I installed HTTP-Tunneling between a Java-Client and a WLS 4.5.1SP 13
    throuch a Stronghold-Server using mod_wl_ssl.so.
    But when I'm trying to connect via HTTPS (port 443) to the Stronghold, the
    plugin is no longer working correctly. I get the following output in the log
    of the plug-in:
    --------------Begin--------------
    ========New Request: [GET
    /HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+4.5.1+dummy+%0A&rand=634395
    5830116743121 HTTP/1.0] =========
    Thu Jan 4 18:46:57 2001 Cookie String missing in the Cookie
    Thu Jan 4 18:46:57 2001 queryStr =
    wl-login=https+dummy+WLREQS+4.5.1+dummy+%0A&rand=6343955830116743121
    Thu Jan 4 18:46:57 2001 The request string is
    '/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+4.5.1+dummy+%0A&rand=63439
    55830116743121'
    Thu Jan 4 18:46:57 2001 After trimming path:
    '/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+4.5.1+dummy+%0A&rand=63439
    55830116743121'
    Thu Jan 4 18:46:57 2001 Now trying whatever is on the list;
    ci->canUseSrvrList = 1
    Thu Jan 4 18:46:57 2001 AttemptConnect(): Srvr# [1] = [agni:7002]
    Thu Jan 4 18:46:57 2001 general list: trying connect to 'agni'/7002
    Thu Jan 4 18:46:57 2001 Connected to agni:7002
    Thu Jan 4 18:46:57 2001 Headers from the client [Accept]=[text/html,
    image/gif, image/jpeg, *; q=.2, */*; q=.2]
    Thu Jan 4 18:46:57 2001 Headers from the client [Host]=[sbcipx:443]
    Thu Jan 4 18:46:57 2001 Headers from the client [User-Agent]=[Java1.2.2]
    Thu Jan 4 18:46:57 2001 Sending header to WLS [Accept]=[text/html,
    image/gif, image/jpeg, *; q=.2, */*; q=.2]
    Thu Jan 4 18:46:57 2001 Sending header to WLS [Host]=[sbcipx:443]
    Thu Jan 4 18:46:57 2001 Sending header to WLS [User-Agent]=[Java1.2.2]
    Thu Jan 4 18:46:57 2001 Sending header to WLS
    [X-WebLogic-Force-Cookie]=[true]
    Thu Jan 4 18:46:57 2001 Sending header to WLS [WL-Proxy-SSL]=[true]
    Thu Jan 4 18:46:57 2001 Sending header to WLS
    [Proxy-Client-IP]=[192.168.17.116]
    Thu Jan 4 18:46:57 2001 Sending header to WLS
    [X-Forwarded-For]=[192.168.17.116]
    Thu Jan 4 18:47:12 2001 sysRecv failed, return val = [0] errno=0
    errmsg=[Error 0]
    Thu Jan 4 18:47:12 2001 Error reading WebLogic Response from agni:7002
    Return Value = -1
    Thu Jan 4 18:47:12 2001 Marking agni:7002 as bad
    Thu Jan 4 18:47:12 2001 Got FAILOVER response from sendRequest... will
    retry
    Thu Jan 4 18:47:12 2001 Attempting a connect with the forceCookie bit
    turned ON : [1]
    Thu Jan 4 18:47:12 2001 Now trying whatever is on the list;
    ci->canUseSrvrList = 1
    Thu Jan 4 18:47:12 2001 AttemptConnect(): Srvr# [1] = [agni:7002]
    Thu Jan 4 18:47:12 2001 Request timed out after 10 seconds
    Thu Jan 4 18:47:12 2001 Redirecting the error response to the errorPage =
    [http://www.finance.ch]
    Thu Jan 4 18:47:12 2001 r->status=302 returning 0
    Thu Jan 4 18:47:14 2001
    ---------------End
    Any Ideas, what I didn't configured correctly for the stronghold/plug-in/WLS
    Thank you
    Remo
    As far as I know, HTTPS-Tunneling through NES, APACHE, and IIS
    is not supported. You can setup HttpClusterServlet to do HTTPS-
    Tunneling.
    Jong

  • Mail - Exchange access via Proxy

    Hello!
    I'm using Mac OS X 10.6.1. with Mail Version 4.1 (1076).
    Setting up the connection of an Exchange 2007 mail server in an intern network works great.
    Now I want to have access from outside/external.
    The Windows setup is via a proxy server.
    In Mail I do not find such a setting. Only "external server", but this doesn't work.
    With this setting I get the error (console):
    Mail[141] -[SOAPParser:0x119d12360 parser:didStartElement:namespaceURI:qualifiedName:attributes:] Type not found in SOAPDocument for HTML (HTML)
    What's wrong here? What could I do so I can get access from extern via the proxy (ssl)?
    Thanks a lot in advance & regards.

    Oh sorry
    Well, Exchange 2007 uses the Autodiscover record you can setup in your DNS. You just make a CNAME that points to the exchange server.
    With that,you can just open up your Mac Mail client and set your Display name, email address and password. Then the mail client will go out and find the settings to connect to your Exchange server. once connected, no matter where you are, you just open up your mac mail client, and as long as you have an internet connection, you will be connected to your exchange server.
    It is a lot better then opening up a port in your firewall.

  • SSL between NSAPI and WLS with custom certificate and RequireSSLHostMatch=true fails

    I am trying to use SSL for communication between NSAPI and WebLogic
    server (server authentication at the NSAPI).
    Therefore, a custom server certificate is installed on WLS, containing this
    server's hostname. The NSAPI is configured (RequireSSLHostMatch=true) to
    check the hostname contained in the certificate against the WebLogicHost
    parameter in the "obj.conf" file. The corresponding TrustedCAFile is installed
    for NSAPI.
    The SSL setup seems to work ok, but when matching the hostname, it seems like
    NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
    not on the hostname as configured in the WebLogicHost parameter.
    The relevant entry in the "obj.conf" file:
    <Object name="weblogic" ppath="*">
    Service fn=wl-proxy WebLogicHost=btsun2a.muc \
    WebLogicPort=7162 \
    Debug=ALL \
    SecureProxy=ON \
    TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
    RequireSSLHostMatch=true
    </Object>
    I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log" is as
    follows.
    Any ideas?
    Content of "wlproxy.log":
    Thu Oct 11 12:30:22 2001 INFO: SSL is configured
    Thu Oct 11 12:30:22 2001 INFO: Initializing SSL library
    Thu Oct 11 12:30:22 2001 Loaded 1 trusted CA's
    Thu Oct 11 12:30:22 2001 INFO: Successfully initialized SSL
    Thu Oct 11 12:30:22 2001 INFO: SSL configured successfully
    Thu Oct 11 12:30:22 2001 ....relFile.../index.jsp...
    Thu Oct 11 12:30:22 2001 URI=[index.jsp]
    Thu Oct 11 12:30:22 2001 Initializing lastIndex=0 for a list of length=1
    Thu Oct 11 12:30:22 2001 attempt #0 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #1 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #2 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #3 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #4 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 attempt #5 out of a max of 5
    Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
    at line 1156 for '/index.jsp'
    Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
    Thu Oct 11 12:30:22 2001 Going to check the general server list
    Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
    image/jpeg, image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
    (WinNT; U)]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
    Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
    Thu Oct 11 12:30:22 2001 INFO: sysSend 52
    Thu Oct 11 12:30:22 2001 Partial read socket
    Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
    Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
    validation failed
    Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
    Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
    Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
    of URL.cpp
    Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
    line 550 of URL.cpp]: at line 944
    Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
    Thu Oct 11 12:30:22 2001 INFO: sysSend 14
    Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
    Thu Oct 11 12:30:22 2001 request [index.jsp] processed ..................

    I tried some other case and configured a certificate containing
    the numeric IP as hostname. The authentication works fine then,
    but it wouldn't be nice to hard-code the IP in the certificate
    (btw. the WebLogicHost parameter is still given as DNS name, not
    as IP address).
    Has anyone got a solution for this?
    "Wolfgang Jodl" <[email protected]> wrote:
    >
    I am trying to use SSL for communication between NSAPI and WebLogic
    server (server authentication at the NSAPI).
    Therefore, a custom server certificate is installed on WLS, containing
    this
    server's hostname. The NSAPI is configured (RequireSSLHostMatch=true)
    to
    check the hostname contained in the certificate against the WebLogicHost
    parameter in the "obj.conf" file. The corresponding TrustedCAFile is
    installed
    for NSAPI.
    The SSL setup seems to work ok, but when matching the hostname, it seems
    like
    NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
    not on the hostname as configured in the WebLogicHost parameter.
    The relevant entry in the "obj.conf" file:
    <Object name="weblogic" ppath="*">
    Service fn=wl-proxy WebLogicHost=btsun2a.muc \
    WebLogicPort=7162 \
    Debug=ALL \
    SecureProxy=ON \
    TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
    RequireSSLHostMatch=true
    </Object>
    I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log"
    is as
    follows.
    Any ideas?

  • Please Help!! Weblogic 8.1.4 with apache 2.0.55 SSL

    Using Windows for Apache and Weblogic
    I see Client----Apache, Apache to Server, Server to Apache, but Apache to client failing
    Fri Feb 24 15:39:40 2006 *******Exception type [WRITE_ERROR_TO_CLIENT] raised at line 650 of ap_proxy.cpp
    I have seen many posts where people have seen this but no solutions or responses saying whats the problem or what is the solution?
    Can anyone please respond thanks
    uday
    ================New Request: [€b] =================
    Fri Feb 24 15:39:40 2006 INFO: SSL is configured
    Fri Feb 24 15:39:40 2006 SSL Main Context not set. Calling InitSSL
    Fri Feb 24 15:39:40 2006 INFO: Initializing SSL library
    Fri Feb 24 15:39:40 2006 Loaded 1 trusted CA's
    Fri Feb 24 15:39:40 2006 INFO: Successfully initialized SSL
    Fri Feb 24 15:39:40 2006 INFO: SSL configured successfully
    Fri Feb 24 15:39:40 2006 The final request string is '/'
    Fri Feb 24 15:39:40 2006 Host extracted from serverlist is [localhost]
    Fri Feb 24 15:39:40 2006 Initializing lastIndex=0 for a list of length=1
    Fri Feb 24 15:39:40 2006 getListNode: created a new server node: id='localhost:7002' server_name='ukamath.eideawdc1.local', port='80'
    Fri Feb 24 15:39:40 2006 attempt #0 out of a max of 5
    Fri Feb 24 15:39:40 2006 general list: trying connect to '127.0.0.1'/7002/7002 at line 2592 for '/'
    Fri Feb 24 15:39:40 2006 New SSL URL: match = 0 oid = 22
    Fri Feb 24 15:39:40 2006 Connection refused, error = 10022
    Fri Feb 24 15:39:40 2006 Setting peerID for new SSL connection
    Fri Feb 24 15:39:40 2006 7f00 0001 5a1b 0000 ....Z...
    Fri Feb 24 15:39:40 2006 Local Port of the socket is 2206
    Fri Feb 24 15:39:40 2006 Remote Host 127.0.0.1 Remote Port 7002
    Fri Feb 24 15:39:40 2006 general list: created a new connection to '127.0.0.1'/7002 for '/', Local port:2206
    Fri Feb 24 15:39:40 2006 URL::sendHeaders(): meth='€b' file='/' protocol='HTTP/0.9'
    Fri Feb 24 15:39:40 2006 Hdrs to WLS:[Connection]=[Keep-Alive]
    Fri Feb 24 15:39:40 2006 Hdrs to WLS:[WL-Proxy-SSL]=[true]
    Fri Feb 24 15:39:40 2006 Hdrs to WLS:[WL-Proxy-Client-IP]=[206.233.40.81]
    Fri Feb 24 15:39:40 2006 Hdrs to WLS:[Proxy-Client-IP]=[206.233.40.81]
    Fri Feb 24 15:39:40 2006 Hdrs to WLS:[X-Forwarded-For]=[206.233.40.81]
    Fri Feb 24 15:39:40 2006 Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
    Fri Feb 24 15:39:40 2006 Hdrs to WLS:[X-WebLogic-Request-ClusterInfo]=[true]
    Fri Feb 24 15:39:40 2006 INFO: No session match found
    Fri Feb 24 15:39:40 2006 URL->reallySend 52
    Fri Feb 24 15:39:40 2006 INFO: Certificate validation succeeded
    Fri Feb 24 15:39:40 2006 URL->reallySend 140
    Fri Feb 24 15:39:40 2006 INFO: AddSessionCallback
    Fri Feb 24 15:39:40 2006 INFO: Negotiated to cipher: 3
    Fri Feb 24 15:39:40 2006 URL->reallySend 253
    Fri Feb 24 15:39:40 2006 SSLWrite sent 232
    Fri Feb 24 15:39:40 2006 SSLWrite completed, sent 232
    Fri Feb 24 15:39:40 2006 Reader::fill() SSLRead success, read: 250
    Fri Feb 24 15:39:40 2006 URL::parseHeaders: StatusLine set to [200 OK]
    Fri Feb 24 15:39:40 2006 Hdrs from WLS:[Date]=[Fri, 24 Feb 2006 20:39:40 GMT]
    Fri Feb 24 15:39:40 2006 Hdrs from WLS:[Content-Length]=[8247]
    Fri Feb 24 15:39:40 2006 Hdrs from WLS:[Content-Type]=[text/html]
    Fri Feb 24 15:39:40 2006 Hdrs from WLS:[Connection]=[Keep-Alive]
    Fri Feb 24 15:39:40 2006 Hdrs from WLS:[Set-Cookie]=[UDAYSESSION=D1vM1Jpv4gLKpS8kS48ZHLTpQgfFKh4BpwZsn9yHgSbgTYpF2zff!87218319; path=/]
    Fri Feb 24 15:39:40 2006 Hdrs from WLS:[X-WebLogic-JVMID]=[87218319]
    Fri Feb 24 15:39:40 2006 parsed all headers OK
    Fri Feb 24 15:39:40 2006 sendResponse() : r->status = '200'
    Fri Feb 24 15:39:40 2006 Hdrs to client (reset):[Date]=[Fri, 24 Feb 2006 20:39:40 GMT]
    Fri Feb 24 15:39:40 2006 Hdrs to client (add):[Set-Cookie]=[UDAYSESSION=D1vM1Jpv4gLKpS8kS48ZHLTpQgfFKh4BpwZsn9yHgSbgTYpF2zff!87218319; path=/]
    Fri Feb 24 15:39:40 2006 for 127.0.0.1/7002/7002, updated JVMID: 87218319
    Fri Feb 24 15:39:40 2006 Reader::fill() SSLRead success, read: 4072
    Fri Feb 24 15:39:40 2006 Reader::fill() SSLRead success, read: 4072
    Fri Feb 24 15:39:40 2006 Reader::fill() SSLRead success, read: 103
    Fri Feb 24 15:39:40 2006 Write to the browser failed: calling URL::close at line 649 of ap_proxy.cpp
    Fri Feb 24 15:39:40 2006 *******Exception type [WRITE_ERROR_TO_CLIENT] raised at line 650 of ap_proxy.cpp
    Fri Feb 24 15:39:40 2006 INFO: Closing SSL context
    Fri Feb 24 15:39:40 2006 URL->reallySend 23
    Fri Feb 24 15:39:40 2006 INFO: Error after SSLClose, socket may already have been closed by peer
    Fri Feb 24 15:39:40 2006 NOT failing over after sendResponse() exception: idempotent=ON pastFailover=1
    Fri Feb 24 15:39:40 2006 request [] did NOT process sucessfully..................

    I got it to work on both apache and Sun One
    the problem was i was not using 1 way SSL certificate as my truststore on client side. Let me write a detailed note so that it can be helpful for others who see this
    So Client-----https( 1 way)------Apache/SunOne--->https-----Weblogic
    1. On Weblogic i just added custom keystore and custom trusttore as given in weblogic
    2. I changed SunOne (i will give for SunOne and apache is similar) obj.conf to look like this
    # Use only forward slashes in pathnames--backslashes can cause
    # problems. See the documentation for more information.
    <Object name="default">
    AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
    NameTrans fn="ntrans-j2ee" name="j2ee"
    NameTrans fn=pfx2dir from=/mc-icons dir="C:/Sun/WebServer6.1/ns-icons" name="es-internal"
    #NameTrans fn=document-root root="$docroot"
    PathCheck fn=nt-uri-clean
    PathCheck fn="check-acl" acl="default"
    PathCheck fn=find-pathinfo
    #PathCheck fn=find-index index-names="index.html,home.html,index.jsp"
    #ObjectType fn=type-by-extension
    #ObjectType fn=force-type type=text/plain
    #Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
    #Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
    #Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
    Service method=TRACE fn=service-trace
    Error fn="error-j2ee"
    AddLog fn=flex-log name="access"
    </Object>
    <Object name="j2ee">
    Service fn="service-j2ee" method="*"
    </Object>
    <Object name="cgi">
    ObjectType fn=force-type type=magnus-internal/cgi
    Service fn=send-cgi
    </Object>
    <Object name="es-internal">
    PathCheck fn="check-acl" acl="es-internal"
    </Object>
    <Object name="send-compressed">
    PathCheck fn="find-compressed"
    </Object>
    <Object name="compress-on-demand">
    Output fn="insert-filter" filter="http-compression"
    </Object>
    <Object name="weblogic" ppath="*">
    Service fn="wl_proxy" WebLogicCluster="ukamath:7002,excursion:7002" CookieName=PIIE_USER_SESSION SecureProxy=ON RequireSSLHostMatch=FALSE TrustedCAFile="C:/cvsdir/concordebranch/IntegrationTests/model/integration/ssl/server/trustedcafile.pem" WLProxySSL=ON Debug=ALL DebugConfigInfo=TRUE WLLogFile="C:/Sun/WebServer6.1/https-ukamath.eideawdc1.local/logs/wlproxy.log"\
    </Object>
    NOTE:
    1. i changed entire thing to go to our weblogic but you can change it to your required path by changing ppath
    2. I had to comment NameTrans from adding paths to docs etc as for the same reason as weblogic needed to handle it rather than sun one.
    3. I changed Sunone to use SSL certificate from Verisign (14 days) by going through the Admin Server of SunOne and clicking manage and then going through Security tab and filling the request. Then installed the certificate on the SunOne managed https-machine server. Then went to preferences and added security enabled ports. Make sure you click enabled on security and certificate host optional.
    4. I changed my Java client to use same truststore as SunOne bby doing an import.
    For this i copied the certificate received from Verisign to file as .pem and used weblogic utils.pem2der to convert it to derfile and then imported the der file using java keytool to cacerts of jdk.
    5. My Java code looked like this using Sun's SSL implementation
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
              //set provider
              java.security.Provider provider = (java.security.Provider)Class.forName("com.sun.net.ssl.internal.ssl.Provider").newInstance();
              java.security.Security.addProvider(provider);
              //set verifier
              com.sun.net.ssl.HostnameVerifier hv = new DHIHostNameVerifier();
              com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier( hv );
              System.setProperty("javax.net.ssl.trustStore", "C:/cvsdir/concordebranch/cacerts");
              //System.setProperty("javax.net.ssl.trustStore", "C:/Program Files/Java/j2re1.4.2_10/lib/security/cacerts");
              //lets create a url
         URL url = new URL("https://ukamath:443/");     
              URLConnection urlCon = url.openConnection();
    If you have questions forward me an email and i can guide you. I am doing it as i struggled a lot because of it for first time.
    Thanks

  • CSS Full Proxy example in doc's seems in error

    I am confused over the example in Cisco's documentation on how to set up a full proxy ssl. Here is the link to the web page with the example. http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_750/sslgd/examples.htm#wp999253
    What I do not understand is where does the new source address (192.168.7.200) come from. I understand the underlying concepts and theory on how this works. But the example code does not seem to match the description of the example?
    Burke McCrory
    Internet Administrator
    Oklahoma Tax Commission
    IT Division
    [email protected]

    This is a "group" config which is uses to do client nat. We use this option in one-armed design or when the server are not using the CSS as a default gateway.
    This a way to guarantee that the response comes back to the CSS.
    The vip can be any ip address.
    The ip address in the config should be 192.168.7.200 to match the diagram.
    [see the client ip address was nated as well as the vip address].
    I have to admit this part of the config is somewhat misleading as it is absolutely not required.
    I hope this helps.
    Gilles.

Maybe you are looking for

  • I am getting "ORA-00900: invalid SQL statement"  error.?

    I did installed oracle 11gR2. and used "DBMS_METADATA_DIFF.COMPARE_ALTER('TABLE','TBL_A','TBL_A','USER1','USER2')"   to see the result like below,  but I am getting "ORA-00900: invalid SQL statement"  error.   Any idea? I am using: Oracle Database 11

  • How do i correct the artwork in iTunes?

    After having itunes install the artwork there are numerous errors and i can't seem to correct or even delete the existing

  • My skype has been deleted.

    Hi, I have 2 skypes (free) which I use for gaming with friends. one of them has been deleted because when I attempt to log in, it just shows me the following: Sorry, we didnt'recognize your sign-in details. Please check your Skype Name and password,

  • Security answers

    How can I get my security answers so I can buy music from iTunes?

  • Hot Battery

    My battery becomes very hot after about 30 minutes of use. Is there any way to adjust how hot the computer runs. Is anyone else experiencing this on a 15" Mac Book (not Pro)?