RMI SSL problem

Similar Messages

• HT201412 I have a problem connecting to the server (SSL problem) on my new Apple ipad.  I was supplied with a new ID password, but I am unable to get into my settings and email. Could someone please offer a suggestion?  Thanks!  A.A.

  I have a problem connecting to the server (SSL problem) on my new Apple Ipad (iOS6).  When submitting my Apple ID password, I am prevented from signing in to a secure connection due to an SSL problem.  Any suggestions ??  Thank you! 

  Sounds more like you have a problem with your apple id. For starters go to that page click manage my apple id and singn in. If you can't sign in reset password.
  https://appleid.apple.com
  if you can sign in there, try to sign in to itunes on your computer.

• HT1338 iMac and SSL problem

  I have an iMac operating under OS X.  Where can I find a patch for the SSL problem that reently occurred?

  There is none required for 10.3 or earlier. For Mountain Lion look here: Apple Security Update 2014-001. For Mavericks use App Store for the software update.

• RMI Marshalling Problem:  weblogic.Admin PING

  WebLogic 5.1.0 with service pack 8 has been installed on a HPUX server. I'm
  trying to ping the server from an NT box, but I'm getting some RMI
  marshalling problems.
  Here is the command that I run on NT:
  C:\weblogic\jre1_2\jre\bin\java -classpath
  c:weblogic/lib/weblogic510sp.jar;c:/weblogic/classes;c:/weblogic/lib/weblogi
  caux.jar weblogic.Admin t3://HPServer:7001 PING > MarshallingProblem.txt
  Here is what is in MarshallingProblem.txt (modified server name):
  Failed to connect to t3://HPServer:7001 due to:
  [weblogic.rmi.UnexpectedException: Marshalling:
  - with nested exception:
  [weblogic.rjvm.PeerGoneException:
  - with nested exception:
  [weblogic.utils.AssertionError: ***** ASSERTION FAILED *****[ Exception
  creating response stream ] - with nested exception:
  [java.io.InvalidClassException:
  weblogic.security.acl.internal.AuthenticatedUser; Local class not
  compatible: stream classdesc serialVersionUID=6699361079932480379 local
  class serialVersionUID=2825328378974757378]]]]
  I previously had similar problems pinging the server from the server itself
  until I included the servicepack in the classpath.
  Anyone have any idea what going on in this situation?
  Cameron Taggart

  Cameron
  Can you test with sp8 installed on your NT machine too ? And also make
  sure you set the classpath with the sp8 jar files on NT before you run
  weblogic.Admin PING
  Raj Alagumalai
  Cameron Taggart wrote:
  WebLogic 5.1.0 with service pack 8 has been installed on a HPUX server. I'm
  trying to ping the server from an NT box, but I'm getting some RMI
  marshalling problems.
  Here is the command that I run on NT:
  C:\weblogic\jre1_2\jre\bin\java -classpath
  c:weblogic/lib/weblogic510sp.jar;c:/weblogic/classes;c:/weblogic/lib/weblogi
  caux.jar weblogic.Admin t3://HPServer:7001 PING > MarshallingProblem.txt
  Here is what is in MarshallingProblem.txt (modified server name):
  Failed to connect to t3://HPServer:7001 due to:
  [weblogic.rmi.UnexpectedException: Marshalling:
  - with nested exception:
  [weblogic.rjvm.PeerGoneException:
  - with nested exception:
  [weblogic.utils.AssertionError: ***** ASSERTION FAILED *****[ Exception
  creating response stream ] - with nested exception:
  [java.io.InvalidClassException:
  weblogic.security.acl.internal.AuthenticatedUser; Local class not
  compatible: stream classdesc serialVersionUID=6699361079932480379 local
  class serialVersionUID=2825328378974757378]]]]
  I previously had similar problems pinging the server from the server itself
  until I included the servicepack in the classpath.
  Anyone have any idea what going on in this situation?
  Cameron Taggart

• SSL-Problems when setting up a test environment with Exchange

  Hello everyone,
  I am trying to set up a test environment with Exchange 2013 to learn how the stuff works. However, I am facing some problems due to the fact that Exchange is designed for use with SSL certificates. The main thing that makes problems is the connection with
  RPC over HTTP. I've used the MS remote connectivity analyzer to find out why it is not working and as I thought it is because of a missing SSL certificate (it seems the self signed doesn't work here). Now in order to get this working I just bought a certificate
  for "mydomain.com". Now here is the first problem: This certificate is NOT a wildcard certificate. So if I understood correctly it works for mydomain.com but it won't work for subdomain.mydomain.com. Is this correct? (First question)
  If this is correct I will probably another problem: As I said this is a learning-environment so the server is at home behind a router. This means: Only one WAN-IP. I think could get this working by forwarding everything to the Exchange Server (like mydomain.com
  goes to the WAN-IP where the router is forwarding everything like port 25 or 443 directly to the exchange Server). This way I wouldn't have any problems I think: mydomain.com has a valid SSL cert, it resolves to my WAN-IP which forwards everything to the internal
  Exchange Server. Now here is the problem: I plan to setup a SharePoint Server as well. I thought about using ARR (IIS) to make both available behind the same WAN-IP without using ports inside the url. Ideally the Exchange Server should then be available via
  "mail.mydomain.com". This will work fine with ARR but then I probably have SSL problems again? (second question)
  Do you have any ideas what I can do to solve such problems? Should I buy another certificate for mail.mydomain.com? But then I would need to buy several certificates (e.g. for autodiscover.mydomain.com to get this working as well). This can become very expensive...
  Thanks!
  Regards
  Christian

  Hi,
  For your first question, if there is a single certificate just for “mydomain.com”, it cannot work for subdomain.mydomain.com.
  Generally, antodiscover.domain.com is used to access the autodiscover service for external users. If you just need test users to access Exchange server from internal environment, it is not necessary to get a certificate for autodiscover.domain.com.
  Therefore, for your second question what I can ensure is that if all URLs that used to connect Exchange from internal and external are configured to mail.mydomain.com with all services(IIS,SMTP,POP,IMAP), there will be no certificate problems in Exchange
  side.
  Best Regards,
  Winnie Liang
  TechNet Community Support

• RMI with SSL problem (cross post under RMI too)

  Hi,
  I'm having problems using RMI with SSL. I posted in the RMI forum originally but now realise the problems are with the SSL really.
  Perhaps someone who follows this forum could help.
  See post:
  http://forum.java.sun.com/thread.jsp?forum=58&thread=409347
  Thanks.

  There's more dukes in the other thread too.

• Design Console SSL problems for OIM 9.1.0.2

  Hi there,
  I have installed the design client for OIM 9.1.0.2, patched it and activated SSL using the instructions in:
  http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14062.pdf
  However, when I attempt to log in, I get the following error at the UI:
  Error Keyword: DAE.UNKNOWN_CODE
  Description: An unknown error code was passed.
  Remedy: Contact your system adminstrator.
  Action: E
  Severity: C
  Help URL:
  Detail:
  com.thortech.xl.security.tcLoginException: javax.naming.CommunicationException: Server protocol was not ORMI, if uncertain about the port your server uses for ORMI then use the default, 23791 [Root exception is java.io.IOException: Server protocol was not ORMI, if uncertain about the port your server uses for ORMI then use the default, 23791]
  This seems to indicate that the server protocol is not ORMI, which is correct, it is ORMIS (as per the SSL instructions).
  I've checked through the logs for this error, and am unable to find it, so it looks like it is only visiible client side. This suggests that the connection is not reaching OIM.
  Does anyone have any ideas about how to make sure ORMIS is in use and trouble shooting my SSL connection?
  Any advice gratefully received,
  Hugh

  While seting rmis port in opmn.xml file one should ensure that these ports must be unique as per the DC install guide. Please note there are three instances of <port id="rmis" range="1270x"/> in the opmn.xml file. The first one is generic, the second one is for oc4j_home oc4j container and the last for the oim oc4j container. The rmis port for the oim container must be 12701 for the other instructions to work, the others can be 12702 and 12703 so set the first one to 12702, the second one to 12703 and the third one to 12701 respectively.
  xlConfig_dc_side I had the following:
  <java.naming.provider.url>ormi://172.20.16.139:12701/Xellerate</java.naming.provider.url>
  where it should have been:
  <java.naming.provider.url>ormis://172.20.16.139:12701/Xellerate</java.naming.provider.url>
  This fixed my problem.
  2Hugh

• RMI/SSL Java 5: simple answer for simple app?

  I have a very simple RMI application (no dynamic class loader, no security manager, no rmiregistry), which I'd like to run with SSL. I'm using Java 5 and want to use the standard socket factories but haven't found a clear example of how to do it; I've run into what's probably a trivial problem.
  My current code looks something like
  public class X extends UnicastRemoteObject {
      public void startServer(String url, int port) {
          System.setProperty("java.rmi.server.ignoreStubClasses", "true");
           LocateRegistry.createRegistry(port);
           Naming.rebind(url,server);
  }This works properly.
  To use SSL, I changed the createRegistry call to
      LocateRegistry.createRegistry(port,
                      new SslRMIClientSocketFactory(),
                      new SslRMIServerSocketFactory());However, with this change, the rebind call throws an exception:
  startServer: java.rmi.ConnectIOException: non-JRMP server at remote endpoint
  java.rmi.ConnectIOException: non-JRMP server at remote endpoint
       at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:217)
       at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
       at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
       at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
       at java.rmi.Naming.rebind(Naming.java:160)
          ...Any idea of what I'm doing wrong?
  Thanks

  This should be in a new thread.
  java.rmi.server.RMISocketFactory.setSocketFactory(new
  RmiSecureSocketFactory());Delete this line. It calls a deprecated method which is 6 years out of date, and you are only calling it at the server, so of courseyour client is speaking JRMP, not JRMP/SSL, to the server, as the exception says. You should be using RMIServerSocketFactory and RMIClientSocketFactory, as follows (and as per the samples that come with your JDK):
  this.rmiProcessor = new SamlProcessorImpl();Make sure that SamIProcessorImpl() calls
  super(port, new RmiSSHClientSocketFactory(), new RmiSSHClientSocketFactory());
  LocateRegistry.createRegistry(port);
  LocateRegistry.getRegistry(port).bind(bindName, rmiProcessor);Now you're creating a JRMP registry, but your client expects a JRMP/SSL registry. Change this to
  Registry reg = LocateRegistry.createRegistry(port, new  RmiSSHClientSocketFactory(), new RmiSSHClientSocketFactory());
  reg.bind(bindName, rmiProcessor);
  the RmiSecureSocketFactory returns sslsockets and
  when running the server i pass these options
  -Djavax.net.ssl.trustStore=pdp.keystore
  -Djavax.net.ssl.keyStore=pdp.keystore
  -Djavax.net.ssl.keyStorePassword=*******This won't do at the server. The server socket factory must initialize an SSLContext with a non-null KeyManagerFactory which uses these keystore attributes, and create the SSLServerSocket from the context's SSLServerSocketFactory. This seems to be an error in the JDK javadoc.
  rmiServer = (RmiProcessor)
  miProcessor) LocateRegistry.getRegistry(hostName,
  port,
  new RmiSSHClientSocketFactory()).lookup(serverBindName);This is OK.
  good luck

• RMI/SSL in ALSB?

  Seems unlikely, but on the off chance that I'm just missing a configuration item... is it possible to use SSL with an EJB (RMI) call through an ALSB business service, or would I need to implement this functionality with a Java callout?
  Has anyone done this with ALSB yet?
  Thanks,
  Meghan

  Thanks for the reply.
  Actually, I am using a server certificate signed by a trusted CA (thawte). ut this certificate has a constriant set on it, which says "object signing". I assume this meas that this certificate can e used for signing an object to verify the source, but not for authentication or an SSL handshake. Using this certificate, my handshakes are timing out.
  I understand that by downloading a keystore which already has imported a self signed cert, and using it is in fact defeating the purpose of having trusted CAs, ut this was a workaround I did to get the handshakes going.
  Would I be able to get a single certificate that can be used for signing my jars as well as for authentication. ? if so my problem is solved without doing any workaround or having to ship the Keystores in my jar.

• Single Sign-on and SSL problems

  We are using WebLogic Portal and Server (version 8.1 SP3). We want to have a single sign-on when entering the portal, so that users do not need to reauthenticate each time they access an application via an applet in the portal. We also want to protect the username/password authentication and all other connection information using SSL. We have applications in multiple domains.
  When not using SSL, SSO works okay. We are challenged for username/password exactly once, whether we access the Portal, or an application directly. As soon as we enable SSL, we are challenged repeatedly, and in some cases cannot access the applications at all, as the challenge always fails.
  We suspect that there is a Session cookie problem and that something is clobering the cookie and thus breaking the session. Does anyone have any idea on what might be causing the problem?

  Hi Derick,
  I want to make our discussion into 2 parts
  1) Sign on
  2) Viewing data based on the Heirarchy
  1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
  2) We can make the second point possible in two ways One is with providing restriction at universe level
  and the other one is through the use of flash variables.
  Using flash variables:
  The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
  I hope this is what you ar looking for....
  If so i have more points to acheive such scenario.
  Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
  Regards,
  AnjaniKumar C.A.

• Java.rmi.ServerException Problem

  The exception that has occured is java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
  java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
  java.lang.ClassNotFoundException: Process00Impl_Stub
  I have the interface, Client, Server and the Implementation java files
  in the same machine.
  11/29/2002 08:52p 282 Process00.class
  11/29/2002 08:25p 221 Process00.java
  11/29/2002 07:40p 215 Process00.java.bak
  11/29/2002 08:56p 1,008 Process00Client.java
  11/29/2002 08:55p 1,010 Process00Client.java.bak
  11/29/2002 08:57p 451 Process00Impl.class
  11/29/2002 08:57p 936 Process00Impl.java
  11/29/2002 08:52p 934 Process00Impl.java.bak
  11/29/2002 08:57p 2,153 Process00Impl_Skel.class
  11/29/2002 08:57p 3,938 Process00Impl_Stub.class
  11/29/2002 08:56p 995 Process00Server.class
  11/29/2002 08:57p 645 Process00Server.java
  11/29/2002 08:56p 643 Process00Server.java.bak
  I also have the _Stub.class. I do not know why I get this error. If any
  one have an idea, kindly share with me.
  Thanks.

  Hi,
  I had the same problem. In my machine, path was having jre1.1.7 before my jdk 1.4. So it was picking up from jre1.1.7.
  Java was happy when I moved my jdk1.4 path to the beginning of the path variable.
  Hope this helps you.

• SSL problem: SSL Forbidden or 12204 SSL port specified is not allowed

  Hello there,
  we have a BIG PROBLEM on a production system.
  Some user on internet using IEXplore 5.0x could'nt access our https page.
  Error reported are:
  SSL Forbidden
  SSL port specified is not allowed
  We are using SSL on port 7002
  This is the weblogic properties reagrd SSL:.
  weblogic.security.ssl.enable=true
  # SSL listen port
  weblogic.system.SSLListenPort=7002
  Any suggestion?
  Is there a possibility to use port 80 both for https and http?
  Any help will be apprciated.
  THANK'S!

  I think you need to setup your proxy server to allow 7002 port,
  or use port 443 for SSL ( it is the default proxy secured port)
  Hope this will help
  Mohds
  "Paul Patrick" <[email protected]> wrote:
  If this is a production problem, you should file a problem report with BEA
  Support.
  But I didn't see any certificates for the server registered. Without
  certificates and a private
  key the SSL protocol will not work.
  Paul Patrick
  "Antimo" <[email protected]> wrote in message
  news:3a12cc80$[email protected]..
  Hello there,
  we have a BIG PROBLEM on a production system.
  Some user on internet using IEXplore 5.0x could'nt access our https page.
  Error reported are:
  SSL Forbidden
  SSL port specified is not allowed
  We are using SSL on port 7002
  This is the weblogic properties reagrd SSL:.
  weblogic.security.ssl.enable=true
  # SSL listen port
  weblogic.system.SSLListenPort=7002
  Any suggestion?
  Is there a possibility to use port 80 both for https and http?
  Any help will be apprciated.
  THANK'S!

• SSL Problem in Flex

  I am using Flex with PHP via AMF PHP. Building application
  was fine. But it gave me problem when I deployed it to server which
  sits behind SSL layer. The problem is not associate with data
  accessing I can access data very well but I when I go to any other
  page after visiting flex part it just kicks user out to login page
  again. If I simply use HTTP protocol it does not happen but if I
  use HTTPS protocol it does. I did intense research in this problem.
  I tried following solutions.
  USE crossdomain file name crossdomain.xml
  loadpolicy file
  class="mx.messaging.channels.SecureAMFChannel" in
  service-config.xml
  class="flex.messaging.endpoints.SecureAMFEndpoint" in
  service-config.xml
  lastly here is my crossdomain.xml
  <?xml version="1.0" ?>
  <!-- https://imtecintranet/shopping -->
  <!DOCTYPE cross-domain-policy SYSTEM "
  http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
  <allow-access-from domain="*" secure="false"
  to-ports="443"/>
  </cross-domain-policy>
  All this solution mentioned in different websites including
  flex documentation didn't worked. It's not the problem from PHP
  side since it works perfectly with Flex if I use HTTP protocol so I
  think problem is in Flex side. I read in this website
  http://www.onflex.org/ted/2005/11/using-flash-player-under-https-with.php
  that flash player have bugs and so, I tried to solve this
  problem by using cross-domain.xml file but unfortunately this
  didn't solve the problem. Any help will be greatly appreciated.

  with some additional attributes added on to server.xml <Connector /> tag application is loading fine in local environment.
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" bufferSize="64000" maxHttpHeaderSize="64000"  socket.appWriteBufSize="64000" socket.appReadBufSize="64000" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\user_name\.keystore" keystorePass="*****" allowTrace="false"/>
  But the same changes are not working in UAT environment, any clue on it will help me.
  thanks in advance.

• SOAP RECEIVER SSL Problems

  Dear Community,
     I have configured a SOAP Receiver to an external web service (https://server:7002/service). I have use IE to get the certificate of the server and have imported it into the keystore of the j2ee (using VA). I have imported it to the all current views available. We have SAP PI 7.0 SP18. The problem is that the SSL handshaking is not performed correctly. I have placed a tcp gateway monitor tool to see the messages pass through. As soon as the first message is send to the above URL and a response is received, I get a XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 500 Internal Server Error. Also, in the default trace log I get a no private key found.... Do I need extra steps to configure SSL in the SOAP Receiver? The service does not required a Client authentication certificate and has a certificate with  o CA root certificate (since this is only a test system and has issued its own certificate). Any ideas? Any help will be appreciated.
  Regards,
  S.Socratous

  Hello,
  Generally it's a connectivity behaviour. Check if you have setup the connection to
  the receiver and also check the explanation regarding 500 Internal Server Errors:
  *Description: The server encountered an unexpected condition which prevented it from fulfilling the request.
  Possible Tips: Have a look into SAP Notes u2013 804124, 807000*
  It may be also a problem with the SSL certificate. So, check if it's not expired;
  The correct server certificate may be not present in the TrustedCA keystore view of NWA .
  Please ensure you have done all the steps described in these url (this is for 7.11):
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi711/helpdata/en/48/d1c7e690d75430e100000
  00a42189b/frameset.htm
  You may have not imported the certificate chain in the correct order (Own -> Intermediate -> Root);
  Last, if the end point of the SOAP Call(Server) is configured to accept
  a client certificate(mandatory), then make sure that it is configured
  correctly in the SOAP channel and it is also within validity period.
  (This certificate is the one which is sent to Server for Client
  authentication)
  Hope that helps.
  With regards,
  Caio Cagnani

• RMI / SSL and self signed certifcate

  hi,
  is it possible to use RMI over SSL with an self signed certifcate? how? could i automatically install a self signed certificate on client side?
  or must i apply an certicficate from e.g. verisign?
  thx mike

  Define a dummy Trust Manager to skip server certificate verification in the RMISSLClientSocketFactory. For example,
  import javax.net.ssl.*;
  import java.security.cert.*;
  class DummyTrustManager implements X509TrustManager
      public void checkClientTrusted(X509Certificate[] x509CertificateArray, String string) throws CertificateException
      public void checkServerTrusted(X509Certificate[] x509CertificateArray, String string) throws CertificateException
      public boolean isClientTrusted( X509Certificate[] cert)
          return true;
      public boolean isServerTrusted( X509Certificate[] cert)
          return true;
      public X509Certificate[] getAcceptedIssuers()
          return new X509Certificate[0];
  }When you initialize your SSLContext in the RMISSLClientSocketFactory, use ctx.init(null, new TrustManager[]{new DummyTrustManager()}, null);
  import java.io.*;
  import java.net.*;
  import java.rmi.server.*;
  import javax.net.ssl.*;
  public class RMISSLClientSocketFactory implements RMIClientSocketFactory, Serializable
      static private SSLSocketFactory _defaultSSLSocketFactory;
      static
          try
              SSLContext ctx = SSLContext.getInstance("TLS");
              ctx.init(null, new TrustManager[]{new DummyTrustManager()}, null);
              _defaultSSLSocketFactory = ctx.getSocketFactory();
          catch (Exception ex)
          if (_defaultSSLSocketFactory==null)
              _defaultSSLSocketFactory =(javax.net.ssl.SSLSocketFactory)javax.net.ssl.SSLSocketFactory.getDefault();
      public Socket createSocket(String host, int port)  throws IOException
          return _defaultSSLSocketFactory.createSocket(host, port);