Re: SSL on port 443
Please help! I am having this same problem when I try to set the SSLListenPort=443. I am running WebLogic 5.1 on a Windows 2000 machine, and I am logged in as the domain administrator when the WebLogic server starts up.
Similar Messages
-
BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
advised to change to port 444 because it conflicts with Apache on the
server. Do my users need to type :444 when they authenticate or is this
change will be transparent to them? Also, one of our NetAdmins indicates
we are not running Apache...
Please provide me with more info. on this issue.
Thank you in advance for your help
Is wrote:
> BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
> advised to change to port 444 because it conflicts with Apache on the
> server. Do my users need to type :444 when they authenticate or is this
> change will be transparent to them?
I assume you're referring to proxy authentication, where the user enters
credentials in the browser to gain access to the proxy. In this case the
BM server automatically redirects users to the port 444 URL... they
don't type it in. Thus, the port the proxy listens on for SSL
*authentication* requests doesn't matter much, as long as it doesn't
conflict with other services running on the server.
Jim
Support Sysop -
Hi, I have a non-SSL website running on port 443. When I access this website using Chrome or IE it works just fine, but Firefox can't seem to accept what I have done. All browsers on the same machine and using the same web proxy.
I access the website as http://xyz:443.
Just a bit of background info as to why I need this. Where I work I can only access ports 443 and 80 via the web proxy. I have two distinct websites running on a couple of devices at home behind a very config-wise limited router which has ports 80 and 443 redirected to these hosts. There is no way for me to setup two port forward rules on port 80 to two different devices. I cannot setup SSL on either of the websites.
Regardless of options that could exist to overcome my particular issue, I would like to check if you guys know how to make Firefox work with a website running on port 443 whilst not having a certificate assigned to it.
Firefox 32.0.3
Error message:
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
What type of SSL are you running? [https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/]
You can somehow remove the Strict-Transport-Security header or if there is a feature that forced encryption but by default https uses 443 for encryption. I do not know if this is possible. -
Error with default SSL port (443) on Solaris
Hi all
I would like to config default SSL port 443 on Solaris but I found this error. What is the problem?
I use WebLogic 8.1 sp3
SSL port : 443
Unable to create a server socket on Channel Default for port: 443. java.net.BindException: Permission denied Perhaps another process is using port 443
I'm not sure about the permissions. What can I do?
Oh, I can start WebLogic as root and use port 443, but when I use other users I can't use port 443.
-
How do i temporarily disable TLS/SSL port 443 going to server on CSS
We are having issues with truncating packets that go through the CSS
I did a capture after the CSS and there is truncation... however, I can't read it before the CSS since everything is encrypted.
They hit VIP address 172.20.120.16 on the CSS and get redirected to 2 servers depending on what the URL says
The server team would like to turn it off just to test. I tried removing
"add service ARR-public-ssl" from the content below and we lost http and https to the server
so in essence I want to try and turn the 443 connection to a port 80, then it goes to port 7777 backend to 172.20.212.6
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
ssl-server 40
ssl-server 40 rsacert byetest
ssl-server 40 vip address 172.20.120.16
ssl-server 40 cipher rsa-with-rc4-128-sha 172.20.120.17 80
ssl-server 40 cipher rsa-with-rc4-128-md5 172.20.120.17 80
ssl-server 40 urlrewrite 1 *
ssl-server 40 cipher rsa-with-3des-ede-cbc-sha 172.20.120.17 80
ssl-server 40 rsakey byekey
backend-server 50
backend-server 50 type initiation
backend-server 50 server-ip 69.xxx.xxx.xxx
backend-server 50 ip address 69.xxx.181.xxx
backend-server 50 rsacert byetest
backend-server 50 rsakey byekey
active
!************************** SERVICE **************************
service TIE-SSLINIT
protocol tcp
ip address 69.xxx.xxx.xxx
keepalive type tcp
keepalive port 443
slot 2
type ssl-init
add ssl-proxy-list HR-SSL
active
owner PublicBYE
content BYE-WEB-ARRR
vip address 172.20.120.17
protocol tcp
port 80
url "/arr*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BY-WEB-TIX
protocol tcp
port 80
url "/tix*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web2
vip address 172.20.120.17
active
content BYE-WEB-TIX-CLEARTEXT
add service TIX-SSLINIT
vip address 172.20.120.19
protocol tcp
port 80
active
content BYE-WEB-Nav
vip address 172.20.120.17
protocol tcp
port 80
url "/na*"
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
service BYE-ds-web1-ssl
ip address 172.20.212.5
port 443
keepalive type ssl
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYEos-web2-ssl
ip address 172.20.212.6
port 443
keepalive type ssl
active
CSS11506# sh ver
Version: sg0810205 (08.10.2.05)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.10.2.05
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
Secure Management
Yeah, I've done a packet trace before it hits the CSS and after. The only issue is that everything is encrypted before it hits the LB so I can't really read anything. I did a packet trace after the LB and on the server itself, and it seems we get this.
I thought I saw some bug info from Cisco but I can't tell if it's related:
CSCsx05640—When you configure the CSS for a Layer 5 (L5) content rule and it receives an HTTP method POST with the HTTP header in one packet that is quickly followed by many packets of POST data or payload, it could fail to deliver all the data to the back-end server. The CSS Flow Manager (FM) application could incorrectly handle the POST and the data packet as a spanned content request and could cause the data to be mishandled. Workaround: Use less than 1-Gb connections in the network; a 100-Mb link does not exhibit this issue.
As you can see, after the Content-Length nothing comes across. Sometimes additional stuff will come in, but usually nothing.
Is there a bug related to this on the CSS?
POST /TIXX/DocumentRepository_Service HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="urn:ihe:iti:2007:ProvideAndRegisterDocumentSet-b"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: www.xxxxxxxxxxxx.net
Content-Length: 9044
-
The attempt to connect to the server (IP address) on port 443 failed - OLT
Hi all
I am facing one problem: if I run a load against any application for 100 users for 1 iteration, it does not show any error. Let's say I ran the load of 100 users for one hour; then for some users there are errors like
Line: (script.java:84)][ScriptException]: The attempt to connect to the server (IP address) on port 443 failed.
And my understanding is that the users who are facing failures are not able to get a response or page loaded at their end, as failures are occurring for some particular steps, not the entire scenario. Please confirm.
Thanks
I believe that's an indication that there is an error receiving mail, but if you have any drafts or email in your outgoing mailbox, try deleting them. Apple's troubleshooting steps for this are (from http://support.apple.com/kb/TS4002):
Cannot receive mail in OS X Mail
If you use OS X Mail, look at the name of your iCloud account on the left side of the main Mail window. If your iCloud account name is dim and has a lightning bolt next to it, your account is offline. To resolve this, make sure your computer is connected to the Internet. Then choose Go Online from the Mailbox menu.
If taking your iCloud account online doesn't resolve the issue, follow these steps:
From the Mail menu, choose Preferences.
In the Preferences window, click the Accounts tab if it is not already selected.
In the Accounts list, select your iCloud email address.
Click the Account Information tab.
Verify your SMTP server settings with the following information:
Incoming Mail Server: imap.mail.me.com
User Name: Your iCloud email address
Password: Your iCloud password
Click the Advanced tab and verify the following additional settings:
Port: 993
Use Secure Sockets Layer (SSL): Should be enabled
Authentication: Password -
Non-root user can't start Apache on port 443
Today I've been attempting to get SSL working for my Oracle Applications 11i (11.5.10.2) installation and I just hit a small problem. I've followed all of the Oracle literature I've come across, which instructed me to create a new (non-root) user to own the database tier and the applications tier. I've also followed the instructions for configuring SSL ([Doc 123718.1|https://metalink2.oracle.com/metalink/plsql/f?p=130:14:6976756808231635106::::p14_database_id,p14_docid,p14_show_header,p14_show_help,p14_black_frame,p14_font:NOT,123718.1,1,1,1,helvetica]) and the SSL wizard in OAM defaults to the standard HTTPS port (443). However, because 443 is a privileged port, a non-root user cannot bind to it. In other words, the Oracle literature itself has led me to an impossible situation. This is what I see in the Apache error log:
[Fri May 15 15:05:03 2009] [crit] (13)Permission denied: make_sock: could not bind to port 443
At this point, I see two choices:
1. Run the application tier services as root.
2. Change the SSL port to something greater than 1024 (i.e. 4443).
I'm leaning towards option #2, since option #1 negates the advantage of using a non-root user to begin with. Does anyone have any other suggestions? Does Oracle have any recommendations for this scenario?
Hi,
You just need to start Apache as root (not all the application services). For Option 1, the application tier files should be owned by applmgr/oracle user (not root), and for Option 2, you do not need to change the port (though it is valid option). Just follow the steps in the following document.
Note: 356080.1 - How to run Apache on Port 80 in Apps 11i
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=356080.1
BTW, this is mentioned in the document "if you have chosen port 443 (or any port under 1024) for your SSL port, you will have to start Apache as root".
Regards,
Hussein -
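Added example (not from any of the posts above): the Apache log in this thread and the WebLogic message in the Solaris thread further up both come from a failed bind on port 443, and the WebLogic text lumps "Permission denied" together with "another process is using port 443". This Python sketch separates the two causes by errno on a Unix host; the function names are this example's own.

```python
import errno
import os
import socket

PRIVILEGED_LIMIT = 1024  # Unix convention: ports below this need extra privilege


def diagnose_bind(port, host="127.0.0.1"):
    """Try to listen on host:port and classify the outcome.

    Returns "ok", "permission-denied" (EACCES: what a non-root user gets
    on 443) or "in-use" (EADDRINUSE: another listener owns the port).
    Any other failure is re-raised unchanged.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(1)
        return "ok"
    except OSError as exc:
        if exc.errno == errno.EACCES:
            return "permission-denied"
        if exc.errno == errno.EADDRINUSE:
            return "in-use"
        raise
    finally:
        sock.close()


def explain(port, outcome):
    """Map an outcome to the next step, using only options raised in the threads."""
    uid = os.geteuid()
    if outcome == "ok":
        return f"port {port} can be bound by uid {uid}"
    if outcome == "permission-denied":
        if port < PRIVILEGED_LIMIT:
            return (f"port {port} is below {PRIVILEGED_LIMIT} and uid {uid} lacks "
                    "the privilege: start the listener as root or move it to a "
                    "port above 1024")
        return f"uid {uid} is not permitted to bind port {port}: check local policy"
    return f"port {port} already has a listener: identify it with netstat -a first"


def demo_conflict():
    """Constructed scenario: hold an ephemeral port, then diagnose a second bind."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))  # port 0 lets the kernel pick a free port
    holder.listen(1)
    port = holder.getsockname()[1]
    try:
        return port, diagnose_bind(port)
    finally:
        holder.close()


if __name__ == "__main__":
    for p in (443, 4443):
        print(explain(p, diagnose_bind(p)))
    held_port, result = demo_conflict()
    print(explain(held_port, result))
```

Run it as the same user that starts the web or application server, since the result for 443 depends on that account's privileges.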
Is it possible to run iSQL*Plus only using Port 443/SSL? I receive the following
error whenever I do not listen for port 80 connections:
[Mon Sep 16 13:29:58 2002] [emerg] OPM: Could not find a valid non-ssl LISTEN ip
and port. The whole process exits.
[Mon Sep 16 13:29:58 2002] [alert] (2)No such file or directory: FastCGI: read()
from pipe failed (0)
[Mon Sep 16 13:29:58 2002] [alert] (2)No such file or directory: FastCGI: the PM
is shutting down, Apache seems to have disappeared - bye
Alison,
Thanks for the reply. I think that the httpd.conf file is saying if you want both
types of connections (http and https) you have to listen for both types of connections.
We have other Apache web servers here that only allow https/port 443 connections and
only listen for those type of connections.
Maybe I should have asked my question a different way: is it possible to configure
iSQL*Plus via the httpd.conf file (and other .conf files) so that FastCGI will
work with SSL connections? If not, is there a way to configure everything so that
the only non-SSL connections are between FastCGI and iSQL*Plus (i.e., no users can
connect to the web server without using an SSL connection)?
Again, thanks for your help.
Cecil,
After reading the httpd.conf (web server config file), I found this:
# Port: The port to which the standalone server listens. Certain firewall
# products must be configured before Apache can listen to a specific port.
# Other running httpd servers will also interfere with this port. Disable
# all firewall, security, and other services if you encounter problems.
# To help diagnose problems use the Windows NT command NETSTAT -a
Port 7778
## SSL Support
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
Listen 7778
Listen 4443
It looks like you have to listen on a default port, as well as on an https port. iSQL*Plus doesn't actually care which port it is being called from as it is one step removed and has its own (different) port connection to the web server.
Perhaps this is a question to research from the web server (essentially Apache) point of view? You could try the usenet newsgroups, the Metalink web site, or you could call Oracle Support.
Alison -
Hello All,
I'm a little confused, and I'm not getting there.
I had this config scheme, and it works fine:
All SSL traffic is ended in the SSL module, which gives it back to content as port 80.
It matches the content HTTP-Aplj, and sends traffic to service esl0011-7777.
It works fine, with http and https.
Then I tried the following many times, unsuccessfully:
I want http traffic to go just like in the current config, ending on backend servers on port 7777, but want the https traffic to be redirected to 4443.
I have made some attempts on several parts of the config, adding new services for port 4443, an ssl-proxy-list, and a new content.
I even got this message when trying to activate the content SSL.Aplj:
%% Not all content VIP:Port combinations are configured in a ssl-proxy-list for sslAccel type of services
Please give me some ideas to achieve this goal.
The following config is the basic config for the 1st step. The working one.
Best Regards,
Bruno Petrónio
************** SSL-Proxy-List **************
ssl-server 90 vip address 10.1.2.136
ssl-server 90 urlrewrite 1 https:\\10.1.2.136
ssl-server 90 rsacert xxxxcert
ssl-server 90 rsakey xxxxkey
ssl-server 90 cipher rsa-export-with-rc4-40-md5 10.1.2.136 80
************** SERVICE **************
service MODSSL
slot 2
type ssl-accel
keepalive type none
add ssl-proxy-list ssl1
active
service esl0011-7777
ip address 10.1.1.120
port 7777
keepalive type http
keepalive port 7777
keepalive uri "/"
active
************** OWNER **************
owner Test
content HTTP-Aplj
vip address 10.1.2.136
port 80
protocol tcp
add service esl0011-7777
redundancy-l4-stateless
active
content SSL-Aplj
vip address 10.1.2.136
add service MODSSL
application ssl
advanced-balance ssl
protocol tcp
port 443
url "/*"
redundancy-l4-stateless
active
try the following
ssl-server 90 vip address 10.1.2.136
ssl-server 90 urlrewrite 1 10.1.2.136
ssl-server 90 rsacert xxxxcert
ssl-server 90 rsakey xxxxkey
ssl-server 90 cipher rsa-export-with-rc4-40-md5 10.1.2.136 4443
service esl0011-4443
ip address 10.1.1.120
port 4443
keepalive type http
keepalive uri "/"
active
content HTTP-4443
vip address 10.1.2.136
port 4443
protocol tcp
add service esl0011-4443
active
BTW, I also corrected your urlrewrite command as it was incorrect. You need to specify the host. So not http or https in front.
Gilles. -
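Added example, not part of Gilles's reply and not Cisco tooling: a small Python check for a CSS configuration written in the form posted in this thread. It assumes, as the reply's change from 80 to 4443 implies, that the address and port ending a cipher line name the content rule that receives the decrypted traffic; it also flags the export, RC4, MD5 and 3DES suites that appear in the configurations on this page. The sample text is constructed from the thread's own lines.

```python
import re

# Constructed sample: the reply's ssl-proxy-list plus the two content rules,
# indented here for readability.
SAMPLE = """\
ssl-server 90 vip address 10.1.2.136
ssl-server 90 rsacert xxxxcert
ssl-server 90 rsakey xxxxkey
ssl-server 90 cipher rsa-export-with-rc4-40-md5 10.1.2.136 4443
owner Test
content HTTP-Aplj
  vip address 10.1.2.136
  port 80
  protocol tcp
content HTTP-4443
  vip address 10.1.2.136
  port 4443
  protocol tcp
"""

CIPHER_LINE = re.compile(r"^ssl-server\s+(\d+)\s+cipher\s+(\S+)\s+(\S+)\s+(\d+)$")

# Substring of a suite name -> why current TLS guidance rejects that suite.
WEAK = {
    "export": "40-bit export-grade key",
    "rc4": "RC4 (prohibited for TLS by RFC 7465)",
    "md5": "MD5-based MAC",
    "3des": "3DES, 64-bit block cipher",
}


def parse(config):
    """Return (cipher_lines, content_rules) from CSS configuration text."""
    ciphers, rules, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = CIPHER_LINE.match(line)
        if match:
            sid, suite, ip, port = match.groups()
            ciphers.append((sid, suite, ip, int(port)))
        elif line.startswith("content "):
            current = rules.setdefault(line.split()[1], {})
        elif line.startswith(("service ", "owner ")):
            current = None  # vip/port lines that follow belong to another block
        elif current is not None and line.startswith("vip address "):
            current["vip"] = line.split()[2]
        elif current is not None and re.fullmatch(r"port \d+", line):
            current["port"] = int(line.split()[1])
    return ciphers, rules


def audit(config):
    """List (ssl-server id, kind, detail) findings for one configuration."""
    ciphers, rules = parse(config)
    listeners = {(r.get("vip"), r.get("port")) for r in rules.values()}
    findings = []
    for sid, suite, ip, port in ciphers:
        if (ip, port) not in listeners:
            findings.append((sid, "no-content-rule", f"{ip}:{port}"))
        reasons = [why for marker, why in WEAK.items() if marker in suite]
        if reasons:
            findings.append((sid, "weak-cipher", f"{suite}: " + "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On the sample, the 4443 target resolves to the HTTP-4443 content rule, so the only finding is the export RC4/MD5 suite carried over from the original configuration.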
How to Direct open Website link to https: ( port 443)
On my web server I host a website on port 443 using an SSL certificate. When my users try to access this website they need to manually enter an address like https://siteneme..? How to open this website directly without typing https?
You can configure a redirection from http to https so that when the user types www.contoso.com it will get redirected to https://www.contoso.com.
You can do that on your load balancer if you are using one or on the Website configuration.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
-
How to open port 443?
Hey, an online broking software wants a connection to my Mac. How can I open a special SSL port like 443?
I already did the router configuration; how can I change the Mac firewall?
afromfrankfurt,
I came here for help on this subject and MAY have an idea why you are still having the problem after turning off the firewall on your Mac. Assuming your router works the same way mine does, you have to do something to create a path between the outside world and your Mac for traffic on port 443. I know there are ways to do this where the computer can dynamically do this but that is not something I have figured out at this point. The ONLY way I know to make it work is to make sure the Mac has the same IP address every time it uses that router and to tell the router to direct traffic coming in from the web to go to the address you have assigned your Mac.
Hopefully someone more knowledgeable than I am will speak up and say how to do it dynamically because, if this is a laptop, assigning it a fixed address on your network can create problems when you take it someplace else.
Steven -
Multiple servers using port 443
Hi,
I am looking to set up several websites that utilise port 443 for SSL behind my firewall.
I understand that the reverse proxy in BM will only forward from port 443 to port 443.
As I only have one public IP address I was looking to use ports such as 51443, 52443 and redirect to port 443 on the various internal servers.
Is this possible using the generic TCP proxy or is there another way of doing this? I am using BM 3.6
All suggestions gratefully rec'd
David
presumably if that failed I could use a hardware firewall such as a Cisco PIX to do the job.
set up some sort of DMZ and put the servers in there.
"Craig Johnson" <[email protected]> wrote in message
news:[email protected]..
> In article <skPnb.461$[email protected]>, David Quickfall wrote:
> > Is this possible using the generic TCP proxy or is there another way of
> > doing this I am using BM 3.6
> >
> Generic proxy will work fine, (and in fact it probably works better than
> using reverse proxy for 443). Set up one generic proxy for each port.
>
> I don't know if you can successfully use the port translation ability of
> generic proxy here. (Proxy port 444 to 443). I don't think that works
> for SSL.
>
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on
> BorderManager, go to http://www.craigjconsulting.com ***
-
ACL Entries to allow port 443 to
Hi, just wondering if anyone else has had a problem with a BM 3.7 server
not allowing SSL connections. I have created an ACL rule allowing anyone
to connect to port 443 to specified destinations. I have tried the hostname
(with wildcard extensions for webpages) and the IP address of the servers.
But on every attempt I always get a 403 forbidden error. Any info as to
why this is happening would be helpful.
Also, should the server address be in the common HTTP rule as well.
Currently I am running BM 3.7 SP2 with the FP3 patches applied. on a NW5.1
sp5 server.
Thanks,
In article <PNPWd.137$[email protected]>, wrote:
> But on every attempt I always get a 403 forbidden error. Any info as to
> why this is happening would be helpful.
>
Sounds like you may have access rules configured for port 80 instead of
URL.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com *** -
Port 443 content rule, can the CSS see inside the cookie ?
Hi Gilles/everyone,
With a content rule using port 443, can we use cookie based stickiness or is the cookie also encrypted?
cheers,
Mike
also encrypted.
No way to see it without an SSL module to decrypt.
Gilles. -
Hi,
I just purchased WRVS4400N and tested, port 443 is not secure and I was wondering is there any way of blocking that **bleep**?
Tried everything (port forwarding etc.) nothing helps!!
Please help!
Elf
The Elf Cleric
When you say it is not secure, what exactly do you mean? If you have the firewall enabled it should only allow packets in that are in response to a legitimate request from your computer (i.e. when you access a secure web site). To block any incoming traffic for that port (or any other for that matter), click on the firewall link, click on IP based ACL and create a firewall rule that blocks any 443 (or whatever port you want to block) traffic from the WAN. Be advised that if you block 443 you will not be able to access web sites using ssl. (https:// sites). Port forwarding actually opens the port to inbound traffic, so you'll want to remove the port from port forwarding.