Securing Portal with SSL/https

Similar Messages

• Calling web service with SSL (HTTPS) hangs client stub

  If anyone can help it would make my day! I've spent way too much time on this!!!
  I'm running:
  - Web service is running on Linux RedHat with Oracle9iAS 9.0.3
  - Client is running from Windows XP under Jdeveloper
  I've successfully installed and run the web security demo "ws_security" at http://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_security.jar.
  This demo goes through installing the web service, certificates, etc... and the demo runs fine. I'm also able to connect to the web service from a browser using https://server1:4443/CreditCardValidator/CreditCardValidator. I can download the proxy, look at the WSDL, etc...
  Now I've written my own very simple stateless java class web service, deployed it to 9iAS , and then downloaded the proxy stub jar. Using the proxy stub I can call my web service and everything works fine.
  Then I configure the web service to use HTTPS by making the following changes to the proxy stub (per the ws_security demo).
  1) Copy the following 5 lines to the proxy stub
  System.setProperty("ssl.SocketFactory.provider","oracle.security.ssl.OracleSSLSocketFactoryImpl");
  System.setProperty("ssl.ServerSocketFactory.provider","oracle.security.ssl.OracleSSLServerSocketFactoryImpl");
  System.setProperty("java.protocol.handler.pkgs","HTTPClient");
  System.setProperty("oracle.wallet.location","C:\\Data\\Oracle\\WALLETS\\ws_security\\wallet.txt");
  System.setProperty("oracle.wallet.password","thewalletpassword");
  2) modify the "m_soapURL" by changing "http" to "https" and the port number to 4443
  3) add the following 3 jar files to my projects library class list:
  C:\Program Files\jdev9031\jlib\jssl-1_2.jar
  C:\Program Files\jdev9031\jdk\jre\lib\ext\jcert.jar
  C:\Program Files\jdev9031\lib\jsse.jar;C:\Program Files\jdev9031\jlib\javax-ssl-1_2.jar
  When I run the proxy stub it just hangs. I've traced the hang to the "Response response = call.invoke(new URL(m_soapURL), soapActionURI);" statement in the "makeSOAPCallRPC" method in the proxy stub.
  Again, this works fine if I simply change the "m_soapURL" to use "http" instead of "https". It looks like it's hanging on the client side and the call is never making it to the server.
  Any help is GREATLY appreciated!!!!!

  Could you explain it a little more, please.
  Since my first message, I used the wallet manager to add the certificate the server where the web service is at, uses.
  What else do I need to make it work??
  Thanks in advance again.

• Crystal Reports export and print fails with SSL / https but works with http

  Windows 2008 Server, 32-bit (IIS7)
  ASP.NET 2.0
  Ajax 1.0
  Crystal Reports version 10.5.3700.0
  http:  printing works, export works
  https:  printing not working, only export to MS Excel and MS Word work.
  I am able to generate reports using both http and https, and the toolbar icons are all showing.  However, I am unable to print or export properly with SSL.
  Printing prompts me with a select printer window, and then a window 'Retrieving Page 1' follow by two messages from Crystal Print Control both stating:
  A communication error occured.  Printing will be stopped.
  Exporting generates various errors depending on which export method is being selected (however Excel and Word work over https).
  I've found the same problem on this site and other forums, but never a resolution to get exporting and printing to work with SSL.  Will someone please provide me assistance or possibly relay what settings they're using if they have Crystal Reports export or printing working over SSL in IIS7?  Everything works fine when I change the address from https to http.
  Please let me know if I can help by providing further information.  We've gone through a great deal of possible solutions with code and I'm currently looking in to IIS settings again.
  Thank you.

  Thanks Ludek. I got it by searching KB number.
  Unfortunately, it didn’t fix my problem even my IE (IE8 and IE 9) has correct setting.  I double check my version. PrintControl.CAB is version 10.2.0.1146. we use VS 2005 Crystal report and VB .NET. It works fine on HTTP. But when we use HTTPS (SSL Certificate from go daddy).
  1: Crystal report export
              Export to MS Excel, Word: pop us “File download”, then click “Save”. It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
              Export to RPt, Rich text format: It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
              Export to PDF : nothing happened.
  2: Print:
              Pop up dialog to select printer, click “Print” “. Shows windows “Crystal Report Viewer” and pop us error message box. Title is “Crystal Print Control”. Message is “An communication error occurred. Printing will be stopped”. Click “OK” and pop up error message box again.
  Please advise.
  Thank you very much!

• Error in scenario "FILE to HTTP(with SSL)" - HTTP client code 110 reason.

  Hi friends,
  Our scenario is as follows:
  We are trying to send XML file from our SAP-XI to external tool "COMMunix XC" (a multi-protocol EDI platform tool).
  We have configured " FILE TO HTTP(with SSL)" scenario (trying to connect HTTPS/port)
  1. We have created RFC destination of type G and refered the same RFC in Communication channel (Adapter type: HTTP)
  2. We have send the SSL Server certificate to other party and ensure that they have imported at thier end.
  3. We have included the certificates from other party in our SAP XI STRUST under SSL Client (Standard) node.
  4. We have tried " CONNECTION TEST " in the RFC destination created in type G (in STEP 1) and it shows the GREEN TICK at bottom, no other message nor any error message
  When we trigger the communication we recieve the error: HTTP client code 110 reason in SXMB_MONI.
  Please let us know if we have missed out some step.
  What does error message indicate,
  Regards,
  Rehan

  Hi Rehan,
  I see that the PROCTIMEOUT was already at a very high value.
  Does this occur for messages of a particularly large size?  If yes, you could increase the parameter
     icm/HTTP/max_request_size_KB = 2097152
  This would need to be done in the sender/receiver system as well as XI.
  Otherwise you could try reproducing the issue and checking the dev_icm log in the work directory, or go to SMICM -> Goto -> Display trace file
  check for errors like NIECONN_REFUSED or "no service for protocol HTTPS" which can often be related to this type of issue.
  Kind regards,
  Sarah

• SOAP Sender with HTTP(with SSL)=HTTPS with Client Authentication config

  Hi All,
  I have a Web-service-XI-Proxy scenario where we use SOAP Sender Adapter with HTTPs.  Double authentication (client- server) sertificate shall be used.
  Testing simple HTTP and XI user name/password works fine.
  Now I installed requred sertificates in TrustedCA and ssl-provider in VIsualadmin.
  But i can't see how i can configure certificates in SOAP sender Adapter. I've just did SOAP receiver for another scenario and there I could give keystore entry.
  I also doesn't know how to disable asking for name/password.  I am using XI 7.0.
  Please advise.
  Thanks,
  Nataliya

  Hi Nataliya,
  Go to SOAP Adapter> Inbound Security Checks-> HTTP Security Level--> Here you can specify  option "HTTP with Client Authentication. 
  One more thing HTTP Security level option is always available in Sender Adapter.
  For more clarity about HTTPS find below link.
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
  To enable the TrustedCA in SOAP Sender adapter. Go SOAP Sender> Security Parameter> Security Profile--> Web Service
  security. Then go to sender agreement there you need to give key store entry.

• Securing webaccess with ssl

  OK, I will admit right now I don't fully understand how
  webaccess and ssl works. In my current setup I used a
  self-signed key generated and stored in eDir. This key is
  used in httpd.conf like:
  SecureListen xxx.yyy.zzz.1:443 "SSL Certificate"
  I know have my freshly minted ssl cert (filename.crt) from
  my CA. GHow the heck do I use it. I have search the TIDs
  and Documentation with no luck, although I may not know
  exactly what to look for.
  Can someone either point me towards the correct docs or
  otherwise instruct on how to set this up???
  Much thanks, Chris.

  OK, figured this one out. What is confusing is that in the
  webaccess gateway there is an option to secure the gateway.
  To the unfamiliar this would be the spot to add the
  certificate. However, after doing more investigation I
  realized that the ssl connection to the user is handled by
  apache.
  Now the apache setup is fairly straight forward provided
  your CA issue you a certificate in pfx or p12 format. If
  they issue a PEM certificate, then you have some dancing to
  do. Luckily openssl helped here and I was able to convert
  the certificate to pfx.
  Chris
  >>> On 7/16/2009 at 11:55 AM, in message
  <4A5F15AB.CE15.0032.0@N0_$pam.vrapc.com>,
  Chris<cmosentine@N0_$pam.vrapc.com> wrote:
  > OK, I will admit right now I don't fully understand how
  > webaccess and ssl works. In my current setup I used a
  > self-signed key generated and stored in eDir. This key
  > is
  > used in httpd.conf like:
  >
  > SecureListen xxx.yyy.zzz.1:443 "SSL Certificate"
  >
  > I know have my freshly minted ssl cert (filename.crt)
  > from
  > my CA. GHow the heck do I use it. I have search the
  > TIDs
  > and Documentation with no luck, although I may not know
  > exactly what to look for.
  >
  > Can someone either point me towards the correct docs or
  > otherwise instruct on how to set this up???
  >
  > Much thanks, Chris.

• OHS Proxypass with SSL (https) issue.

  Hi,
  I have OHS setup as webserver which is protected by Webgate.
  After the Federation authentication, I proxypass to a load balancer url having SSL.
  If I proxy to regular http url of the server, it works fine but if I proxy to https load balancer url, it doesn't work.
  I see the following error in OHS error log.
  proxy: No protocol handler was valid for the URL /ofsso. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
  File does not exist: /opt/oim/ohs/Apache/Apache/htdocs/favicon.ico
  Please help on what I doing wrong. I did not create any new certificate, just using the default.
  <IfModule mod_ossl.c>
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl .crl
  SSLPassPhraseDialog builtin
  SSLSessionCache shmcb:logs\ssl_scache(512000)
  SSLSessionCacheTimeout 300
  SSLMutex sem
  SSLLog logs\ssl_engine_log
  SSLLogLevel warn
  <VirtualHost default:443>
            # General setup for the virtual host
            DocumentRoot "/opt/oim/ohs/Apache/Apache/htdocs"
            ServerName server
            ServerAdmin [email protected]
            ErrorLog logs/error_log
            TransferLog "logs/access_log"
            Port 443
            SSLEngine on
            SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_DES_CBC_SHA:SSL_RSA_EXPORT_WITH_RC4_40_MD5:SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
            SSLWallet file:/opt/oim/ohs/Apache/Apache/conf/ssl.wlt
            #SSLWalletPassword <wallet-password >
            #SSLCARevocationPath conf\ssl.crl
            SSLVerifyClient require
            SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire
  <Files ~ "\.(cgi|shtml)$">
       SSLOptions +StdEnvVars
  </Files>
  <Directory cgi-bin>
  SSLOptions +StdEnvVars
  </Directory>
            SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
            CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  </VirtualHost>
  ProxyRequests On
  Listen 443
  </IfModule>
  <IfModule mod_proxy.c>
  ProxyRequests On
  <Directory *>
  Order Allow,Deny
  Allow From all
  </Directory>
  ProxyVia Full
  #ProxyPass / http://portal.domain.com:80/
  #ProxyPassReverse / http://portal.domain.com:80/
  ProxyPass / https://f5.domain.com:443/
  ProxyPassReverse / https://f5.domain.com:443/
  </IfModule>
  Edited by: pkoracle on Jun 1, 2009 10:21 AM

  Hi,
  I have the same problem. Were you able to resolve this.
  Regards,
  Rajesh K Ilango

• Need basic info how to run my servlet with SSL/http (I am using Tomcat 4.0.

  I have a servlet that gets a user id and password
  and query information from an HTML form
  and then writes back the answer to the query as a new web page. We want to
  make the transaction secure because it is customer confidential information.
  What do I need to do in my servlet to get it to run under SSL?
  (I am using Apache Tomcat 4.0 on WinNT and
  can use either JDK 1.2.2 or 1.3.1....)
  I know this is a very basic question, but what I'm reading does not
  make it clear to me what I have to do to my servlet code to use SSL, or
  whether the server and client do all the work "outside" my
  servlet code so that no changes to the servlet would be required(???).
  Can I use Tomcat 4.0 for SSL? Any help getting my head pointed in the right
  direction will be much appreciated. (You may reply to this forum or
  to my email: [email protected]
  Much thanks!

  When one follows this how-to, one got the following result:
  The same page, say xyz.html, can be accessed in two ways: one is from
  http://localhost:8080/xyz.html, and the other is from https://localhost:8443/xyz.html.
  How can one allow people to be only able to access from https://localhost:8443/xyz.html, to be not able to access from http://localhost:8080/xyz.html? There is one sentence mentioned some where that Servlet 2.4 specification can do this. But Servlet 2.4 specification would not provide any help. Any clue?

• Securing RDS with SSL certificate

  Hi, is it possible to lock down 2008 R2 RDS so that a user can only connect to the server via RDP if they have the appropriate SSL certificate installed on their PC?

  Hi,
  I´m looking for the same, there is no way to accomplish that even today with RDS from W2012 R2???

• Performance difference with SSL/HTTPS

  My company has an application deployed on two different servers. When using https, the faster server (more ram, faster CPU, newer version of Solaris) takes between 6 and 12 seconds longer to serve the same JSP. Both instances are hitting the same DB, using the same EJBs, same services, everything is the same. What could be the cause of this?

  Sounds like a configuration problem.
  Does a HelloWorld JSP have the same overhead?
  Is there web server in front of the slow server?
  Is the problems erver clustered?
  Is there a hardware load balancer in front of the problem server?
  Is there a DNS misconfig?
  If you tail logs when you hit the server does the request arrive
  immediately?
  Peter
  "jason" <[email protected]> wrote in message
  news:[email protected]..
  >
  I'm sorry. I did not word my previous post correctly.
  When using SSL, the more powerful of the two servers is 6 seconds slowerthan the
  less powerful of the two servers.
  Srikant Subramaniam <[email protected]> wrote:
  If I read this correctly, there is a difference in performance when using
  https.
  This is expected ... due to the overhead of SSL
  Jason wrote:
  My company has an application deployed on two different servers. Whenusing https, the faster server (more ram, faster CPU, newer version of
  Solaris) takes between 6 and 12 seconds longer to serve the same JSP.
  Both
  instances are hitting the same DB, using the same EJBs, same services,
  everything is the same. What could be the cause of this?

• BingMaps not showing with SSL certificate

  I have recently added SSL certificate to the server for the website I am developing.
  I changed my applications to use  https from http.
  <script type="text/javascript" src="https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0">
  After changing it from http to https, it is showing a blank page in place of map. The error it says is 
  This page is trying to load scripts from unauthenticated sources
  I had to click on the right top corner shield and allow the browser to run unsafe scripts to get the bingmaps to show up.
  Any ideas on how I can resolve it. I am using ASP.NEt, C#, Javascript and jQuery.
  Thanks in advance.
  Nate

  I had to add &s=1 to run the BingMaps in secure mode
  so, we should use following link to run the bing maps with SSL.
  https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0&s=1
  Thanks
  Nate

• RDS - External connections only for those with SSL Certifcate - how to accomplish that?

  Hi,
  we have a lot of partners for sales purposes and they need connect to our servers due to ERP access and then input 'sales order' and etc; there is a way to only accept connections from Computers/Tablets with enabled/installed an specific SSL?
  If so, should we buy SSL from a valid external C.A for the server and clients? or just for Clients? or just for the server?
  * I found similiar question but too old: https://social.technet.microsoft.com/Forums/windowsserver/en-US/a254f1d0-43dd-4be3-8fe5-90f9fc97904a/securing-rds-with-ssl-certificate?forum=winserverTS#0f663d6e-aa58-4ad0-a315-b88bb3ec8c27
  tks,
  Renato P

  Hi,
  If you are looking to connect to a particular PC on your home network from outside then follow the steps
  There are six steps you'll need to follow to set this up. Each one is explained in detail below.
  Allow remote connections to the computer you want to access.
  Make sure Remote Desktop is able to communicate through your firewall.
  Find the IP address of the computer on your home network that you want to connect to.
  Open your router's configuration screen and forward TCP port 3389 to the destination computer's IP address.
  Find your router's public IP address so that Remote Desktop can find it on the Internet.
  Open Remote Desktop Connection and connect.(Type in your public IP + the forwarded port to acces the desired PC- public IP : port  )
  If you have already done this and all you want is to decide who access it then give user permission in
  Remote Desktop Users Group.
  Apart using SSL cert you can limit the user access using your firewall/router.
  SSL certificate is required for your server alone.

• REDUNDANT ACE 20 WITH SSL CERTIFICATE

  Hi
  I have an ACE 20 redundant infrastructure (Active-Standby),and  it´s needed to implement a secure aplication with SSL certificate.
  The question I have is, for this solution is neccesary to generate a digital certificate and key  for each ACE module? and, It´s is possible to use the same certificate and key in both ACE modules?
  Thanks for your help.
  Regards

  Ricardo,
  You can just the same certificates for both devices.
  Jorge

• How to configure Oracle 10g Advanced Security to use SSL concurrently with

  How to configure Oracle 10g Advanced Security to use SSL concurrently with database User names and passwords
  In Oracle Advanced Security Documentation it is mentioned that i can use SSL concurrently with DB user names and passwords. But when i configure the client certificate on the client my DB connection is getting authenticated using the certificate, which out passing user id or password.
  We want to connect to Oracle DB over SSL channel so that the data packets are not in clear text. Also we want the user to make a connection using user id and password.
  Basically we want SSL with out authentication.
  Need your expert advice

  Read the documentation (I have given following links assuming you are running a 32 bit architecture)
  Server installations:
  http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14316%2Ftoc.htm&remark=portal+%28Books%29
  Client installations:
  http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14312%2Ftoc.htm&remark=portal+%28Books%29
  You can find the required books (if not using 32 bit architecture) from
  http://www.oracle.com/pls/db102/portal.portal_db?selected=3

• Error: [NQSError:13037] cannot connect to BI security service,Please make sure this is running properly (with SSL or not) in EM

  Hi,
  Im unable to open the RPD online  getting following error.
  Note: Im not done any changes. Its works good till yesterday EOD.
  Error:
  [NQSError:13037] cannot connect to BI security service,Please make sure this is running properly (with SSL or not) in EM.
  [NQSError:37001] could not connect to the oracle BI server instance..
  Kindly help me to fix this issue.

  Hi,
  Could you access the answer side.
  Could you see the reports.
  Do one thing, take a back up of NQS config file from <Oracle Location>\instance\instance1\config\obiserver folder\nqsconfig.ini file.
  Copy nqs config file if you have already have a back up.
  Restart the services and try once.
  http://mkashu.blogspot.com
  Regards,
  VG