Securing webaccess with ssl

OK, I will admit right now I don't fully understand how
webaccess and ssl works. In my current setup I used a
self-signed key generated and stored in eDir. This key is
used in httpd.conf like:
SecureListen xxx.yyy.zzz.1:443 "SSL Certificate"
I now have my freshly minted ssl cert (filename.crt) from
my CA. How the heck do I use it. I have searched the TIDs
and Documentation with no luck, although I may not know
exactly what to look for.
Can someone either point me towards the correct docs or
otherwise instruct on how to set this up???
Much thanks, Chris.

OK, figured this one out. What is confusing is that in the
webaccess gateway there is an option to secure the gateway.
To the unfamiliar this would be the spot to add the
certificate. However, after doing more investigation I
realized that the ssl connection to the user is handled by
apache.
Now the apache setup is fairly straightforward provided
your CA issues you a certificate in pfx or p12 format. If
they issue a PEM certificate, then you have some dancing to
do. Luckily openssl helped here and I was able to convert
the certificate to pfx.
Chris
>>> On 7/16/2009 at 11:55 AM, in message
<4A5F15AB.CE15.0032.0@N0_$pam.vrapc.com>,
Chris<cmosentine@N0_$pam.vrapc.com> wrote:
> OK, I will admit right now I don't fully understand how
> webaccess and ssl works. In my current setup I used a
> self-signed key generated and stored in eDir. This key is
> used in httpd.conf like:
>
> SecureListen xxx.yyy.zzz.1:443 "SSL Certificate"
>
> I now have my freshly minted ssl cert (filename.crt) from
> my CA. How the heck do I use it. I have searched the TIDs
> and Documentation with no luck, although I may not know
> exactly what to look for.
>
> Can someone either point me towards the correct docs or
> otherwise instruct on how to set this up???
>
> Much thanks, Chris.
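
The PEM-to-PFX conversion mentioned in the thread above, as an added example that is not part of the original posts: it checks that the private key belongs to the certificate, bundles both into PKCS#12 with openssl, and confirms the bundle holds the expected certificate. The self-signed certificate generated here stands in for the CA-issued filename.crt; all file names, the CN, the friendly name "webaccess" and the passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example: bundle a PEM certificate and its private key into PKCS#12.
# File names, the CN, the friendly name and the passphrase are constructed.

# key_matches_cert KEY CERT
# Succeeds only when CERT carries the public half of KEY. Checked up front so
# a wrong key/certificate pairing is reported before anything is written.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# pem_to_pfx KEY CERT OUT PASSFILE [CHAIN]
# Writes OUT (.pfx/.p12). The export password is read from PASSFILE so it
# does not appear on the command line; CHAIN is an optional PEM file of CA
# certificates to include in the bundle. Returns 2 on a key mismatch.
pem_to_pfx() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not belong to certificate" >&2
        return 2
    }
    (
        umask 077   # the bundle contains the private key
        if [ -n "${5:-}" ]; then
            openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$5" \
                -name "webaccess" -out "$3" -passout "file:$4"
        else
            openssl pkcs12 -export -inkey "$1" -in "$2" \
                -name "webaccess" -out "$3" -passout "file:$4"
        fi
    )
}

# pfx_holds_cert PFX PASSFILE CERT
# Succeeds when the end-entity certificate inside PFX has the same SHA-256
# fingerprint as CERT.
pfx_holds_cert() {
    a=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
    b=$(openssl x509 -in "$3" -noout -fingerprint -sha256 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# make_demo_material DIR
# Constructed inputs: a throwaway key and self-signed certificate (standing in
# for the CA-issued one), an unrelated second key, and a passphrase file.
make_demo_material() {
    (
        umask 077
        printf '%s\n' 'constructed-demo-passphrase' > "$1/pass"
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=webaccess.example.test" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
        openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    )
}

run_demo() {
    d=$(mktemp -d) || return 1
    make_demo_material "$d" || return 1
    pem_to_pfx "$d/server.key" "$d/server.crt" "$d/server.pfx" "$d/pass" &&
        pfx_holds_cert "$d/server.pfx" "$d/pass" "$d/server.crt" &&
        echo "server.pfx created and verified"
    rc=$?
    pem_to_pfx "$d/other.key" "$d/server.crt" "$d/bad.pfx" "$d/pass" ||
        echo "mismatched key rejected (exit $?)"
    rm -rf "$d"
    return "$rc"
}

run_demo
```
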

Similar Messages

  • Securing Portal with SSL/https

    Has anyone successfully setup oracle portal 9.0.2 on solaris running all over secure sockets for both login/server and portal ?
    I've followed the otn documentation but I'm still having problems with getting portal to work with https.
    It's driving me insane!! please help with any suggestions.
    Kind Regards
    Neil

    Hi,
    We did the following steps and it is working :)
    Assuming that HTTPS is correctly working and without security aspects.
    Assuming that the HTTPS is 443
    1) configure Webcache to work on port 443 and link it to the 4444 port of Apache
    1) configure SSO
    I directly change in WWSEC_ENABLER_CONFIG_INFO$ LS_LOGIN_URL to the https URL
    the LSNR_TOKEN has to be like 'myhost' and not 'myhost:port'
    2) Login to SSO and update the HOME, SUCCESS and CANCEL URL of SSO
    to https
    3) register mod_osso against the new SSO Server
    4) register the portal using ptlasst
    (if possible remove the already installed portal)
    beware You might have big trouble with groups you have created.
    5) Add in ORACLE_HOME\j2ee\OC4J_Portal\applications\portal\WEB-INF\web.xml
    <init-param>
    <param-name>httpsports</param-name>
    <param-value>443:4444</param-value>
    </init-param>
    That is it !!!!
    You have also to protect some URL with SSL and
    to redefine some virtual path
    The best test is to stop WebCache listening on the http port
    Have fun
    Philippe Camelio
    SysAdmin

  • Securing RDS with SSL certificate

    Hi, is it possible to lock down 2008 R2 RDS so that a user can only connect to the server via RDP if they have the appropriate SSL certificate installed on their PC?

    Hi,
    I'm looking for the same, there is no way to accomplish that even today with RDS from W2012 R2???

  • REDUNDANT ACE 20 WITH SSL CERTIFICATE

    Hi
    I have an ACE 20 redundant infrastructure (Active-Standby), and it's needed to implement a secure application with SSL certificate.
    The question I have is, for this solution is it necessary to generate a digital certificate and key for each ACE module? And is it possible to use the same certificate and key in both ACE modules?
    Thanks for your help.
    Regards

    Ricardo,
    You can just use the same certificates for both devices.
    Jorge

  • RDS - External connections only for those with SSL Certifcate - how to accomplish that?

    Hi,
    we have a lot of partners for sales purposes and they need to connect to our servers due to ERP access and then input 'sales order' and etc; is there a way to only accept connections from Computers/Tablets with a specific SSL enabled/installed?
    If so, should we buy SSL from a valid external C.A for the server and clients? or just for Clients? or just for the server?
    * I found a similar question but too old: https://social.technet.microsoft.com/Forums/windowsserver/en-US/a254f1d0-43dd-4be3-8fe5-90f9fc97904a/securing-rds-with-ssl-certificate?forum=winserverTS#0f663d6e-aa58-4ad0-a315-b88bb3ec8c27
    tks,
    Renato P

    Hi,
    If you are looking to connect to a particular PC on your home network from outside then follow the steps
    There are six steps you'll need to follow to set this up. Each one is explained in detail below.
    Allow remote connections to the computer you want to access.
    Make sure Remote Desktop is able to communicate through your firewall.
    Find the IP address of the computer on your home network that you want to connect to.
    Open your router's configuration screen and forward TCP port 3389 to the destination computer's IP address.
    Find your router's public IP address so that Remote Desktop can find it on the Internet.
    Open Remote Desktop Connection and connect. (Type in your public IP + the forwarded port to access the desired PC - public IP : port)
    If you have already done this and all you want is to decide who access it then give user permission in
    Remote Desktop Users Group.
    Apart from using an SSL cert you can limit the user access using your firewall/router.
    SSL certificate is required for your server alone.

  • How to configure Oracle 10g Advanced Security to use SSL concurrently with

    How to configure Oracle 10g Advanced Security to use SSL concurrently with database User names and passwords
    In Oracle Advanced Security Documentation it is mentioned that I can use SSL concurrently with DB user names and passwords. But when I configure the client certificate on the client my DB connection is getting authenticated using the certificate, without passing user id or password.
    We want to connect to Oracle DB over SSL channel so that the data packets are not in clear text. Also we want the user to make a connection using user id and password.
    Basically we want SSL without authentication.
    Need your expert advice

    Read the documentation (I have given following links assuming you are running a 32 bit architecture)
    Server installations:
    http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14316%2Ftoc.htm&remark=portal+%28Books%29
    Client installations:
    http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14312%2Ftoc.htm&remark=portal+%28Books%29
    You can find the required books (if not using 32 bit architecture) from
    http://www.oracle.com/pls/db102/portal.portal_db?selected=3

  • Error: [NQSError:13037] cannot connect to BI security service,Please make sure this is running properly (with SSL or not) in EM

    Hi,
    I'm unable to open the RPD online, getting the following error.
    Note: I have not made any changes. It worked fine until yesterday EOD.
    Error:
    [NQSError:13037] cannot connect to BI security service,Please make sure this is running properly (with SSL or not) in EM.
    [NQSError:37001] could not connect to the oracle BI server instance..
    Kindly help me to fix this issue.

    Hi,
    Could you access the answer side.
    Could you see the reports.
    Do one thing, take a back up of NQS config file from <Oracle Location>\instance\instance1\config\obiserver folder\nqsconfig.ini file.
    Copy nqs config file if you have already have a back up.
    Restart the services and try once.
    http://mkashu.blogspot.com
    Regards,
    VG

  • Could not establish trust relationship for the SSL/TLS secure channel with authority

    Hello everyone, I need to establish a connection between my HTTPS WCF hosted in Windows Azure Web Role and my Windows Store App Client. The service is actually exposed for testing purposes using a self-signed certificate.
    I have installed the certificate in Personal and Trusted Root Certification Authorities in Current User and Local Machine.
    In the Windows Store App, I create the service reference pointing to the cloud https service, then edit the manifest and create a new declaration to Add a New Certificate, I checked Exclusive Trust and Auto select, pointing to Root storage name and my self-signed certificate.cer.
    The result is the following exception in the IntelliTrace stack:
    Exception:Caught: "The remote certificate is invalid according to the validation procedure." (System.Security.Authentication.AuthenticationException)
    A System.Security.Authentication.AuthenticationException was caught: "The remote certificate is invalid according to the validation procedure."
    Time: 19/01/2015 04:42:33 p. m.
    Thread:Worker Thread[17080]
    Exception:Thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'." (System.ServiceModel.Security.SecurityNegotiationException)
    A System.ServiceModel.Security.SecurityNegotiationException was thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'."
    Time: 19/01/2015 04:42:34 p. m.
    Thread:Worker Thread[17080]
    Appreciate any help, to solve this with the approach of WCF Service Reference in Windows Store App.
    Note:
    If I call the HTTPS service using a Console App it works very well using the following code:
    ChannelFactory<IAgentService> factory = new ChannelFactory<IAgentService>("basicHttpBinding_IAgentService");
    ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, error) => true;
    IAgentService wcfProxy = factory.CreateChannel();
    Thanks in advance,
    RC

    Maybe not implemented.
    https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2dab2818-8f4c-4474-a7a1-db2cbfb40d40/accepting-client-certificate-for-https-connections?forum=winappswithcsharp

  • Could not establish trust relationship for the SSL/TLS secure channel with authority SharePoint ssis connectors

    Hi All,
    I am using SharePoint List Connectors to load the data from Sharepoint list to  Sql server.
    I have created an ssis package and attached it to the SQL agent job; it works fine
    SharePoint Source dev url : http://company.dev.com (working fine)(http)
    DB server:(server\instance)
    I thought all is good and I can test with the uat sharepoint url.
    I have changed the configuration url to point to uat.(https)
    SharePoint Source dev url : https://companyuat.dev.com (working fine)
    DB server:(server\instance)
    Suddenly it fails with the following error:
    In both the cases i am running the agent job from the same db server
    DB server:(server\instance)
    Error Message:
    Could not establish trust relationship for the SSL/TLS secure channel with authority 'companyuat.dev.com'. --->  System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    Source: Data Flow Task SharePoint List Source [1] Description: System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'companyuat.dev.com'. ---> System.Net.WebException:
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.  
    Is there a workaround to resolve this? Any inputs highly appreciated as it is time to move to production :(.
    Thanks
    Ravi

    This is the important error: The remote certificate is invalid according to the validation procedure.
    Your SharePoint server certificate is invalid. You have to either correct your certificate or make your SSIS client machine explicitly trust the server certificate.
    SSIS Tasks Components Scripts Services | http://www.cozyroc.com/

  • The full exception text is: Could not establish trust relationship for the SSL/TLS secure channel with authority :32844'.

    Hi I am getting this error,
    The Secure Store Service application Secure Store Service is not accessible
    The full exception text is: Could not establish trust relationship for the SSL/TLS secure channel with authority 'sp:32844'.
    Any help will be appreciated

    You may need to add the SSL to the SharePoint Trusted Root Authority. Get the root cert for the site you are securing with HTTPS/SSL and add it in SharePoint Trusted Root Authority. As explained here -
    https://social.technet.microsoft.com/Forums/office/en-US/2aed19c6-24df-4646-b946-f4365a05e32f/secure-store-service-stops-working-once-or-twice-every-day-could-not-establish-trust-relationship?forum=sharepointadmin
    http://brainlitter.com/2012/03/13/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel/
    Thanks
    Ganesh Jat

  • Importing external web service with SSL certificate security

    Hello,
    I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      [Error: com.sap.ide.es.core.ui.internal.wizards.fragments  Thread[ModalContext,6,main]]
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
              at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
              at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
              at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
              at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
              at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
              at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
              at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
              at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
              at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
              at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
              at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
              at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
              at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
              at sun.security.validator.Validator.validate(Validator.java:218)
              at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
              at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
              at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
              ... 15 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
              at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
              at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
              ... 21 more
    Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
    Cheers!

    Hi Alain,
    I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
    You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info

  • Securing SQL Server 2012 Azure VM with SSL - Help!!!

    Hello all,
    I am trying to encrypt with SSL my SQL server 2012 Azure VM; I have created the cert and I can see it in cert mgr but when I go to SQL config MGR -protocols for MSSQLSERVER to setup the encryption, the certificate tab contains no certificates :(
    this is so annoying please can someone help me with this?
    Thanks so much,
    BN.

    Also, I am getting the following error whilst connecting to the Azure VM client side via SQL management studio:
    “The certificate chain was issued by an authority that is not trusted”
    I can get around this by specifying "TrustServerCertificate=True" in the connection string; what is causing this and should I be alarmed? can this be resolved?
    Hi,
    According to your error message, when the SQL Server instance has only a self-signed certificate, the encrypt property is set to true and the trustServerCertificate property is set to true. There is a similar issue about SqlException (0x80131904), you can review the following post.
    http://stackoverflow.com/questions/17615260/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted-when-conn
    In addition, there is detail about writing secure connection strings for SQL Database in Windows Azure, you can review it.
    http://social.technet.microsoft.com/wiki/contents/articles/2951.windows-azure-sql-database-connection-security.aspx
    Regards,
    Sofiya Li
    TechNet Community Support

  • In Formscentral: is the form SECURE with SSL even if my existing website does not have SSL?

    I plan to embed my new form with html into my existing website. My website does not have SSL. I would like my new form to be SSL secure (will have credit card numbers.) Will the upgraded plan provide this security?

    When a form is embedded the submission is protected with SSL. You shouldn't collect credit card information using FormsCentral because the service is not PCI compliant. You should instead use our new integration with PayPal - it supports credit cards and paypal account payments. The credit card info is processed by paypal and they are PCI compliant.
    Here is a tutorial on the new payments features: http://forums.adobe.com/docs/DOC-1632

  • How to fix this problem? Secure Connection Failed, SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)

    Secure Connection Failed
    SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)
    I have been receiving this error message recently when I tried to access school elearning websites and other school related websites, I have also tried on internet explorer and it shows page cannot be displayed. I have been trying the available solutions to solve it but none of them work. Are there alternative solutions available? Please advise. Thanks.

    It works after I disabled IPv6 in Firefox. Thank you for your help :)

  • Servlet security with SSL

    Hello All,
    I am fairly new to Java and Tomcat etc as I came from a non Java\Tomcat previous role but have inherited a project which is a Java servlet (Java 1.6.0.29) running on Windows with Tomcat (Tomcat 7) as the container. The servlet communicates with both an Oracle database on a Unix server and a SQL server database on a Windows server. I now require to secure the communication with the SQL Server database using SSL (Two way communication) and would really like some straightforward guidance on how to do this, i.e. what exactly do I do?
    I ask this because there is a lot of information on the Tomcat website and other web sites but I find it becomes very ambiguous and confusing. They mostly talk about setting up a Keystore for the root certificate on the server and then say nothing about the "client". In my servlet's situation the server hosting the SQL server is the "server" and the server hosting the servlet is the "client". The server hosting the servlet ("the client") already has a keystore set up on it to handle the encryption to the Oracle database and an entry to suit in the Tomcat server.xml file.
    Any assistance would be greatly appreciated. I am really stuck with this.
    Thank you in advance
    Alanjo

    On 01/14/2014 06:11 AM, Alan Farroll wrote:
    > Hi all,
    >
    > I could not find a more appropriate forum in Eclipse for this question
    > so have placed it in newcomers as I am still quite new to Java\Eclipse
    >
    > We are working on a Java servlet application that involves security with
    > SSL to allow the servlet to run from a server outside our firewall and
    > interrogate databases inside our firewall. It runs on Tomcat 7 and built
    > on Java 1.6.0.29
    >
    > We have had no problems running the servlet on the Test server within
    > the firewall but when running on the Live server outside the firewall
    > the SoapUI request returns nothing and the current Tomcat log error is
    > "java.lang.RuntimeException: Could not generate dummy secret"
    >
    > The problems seem to be with the jce.jar and the sunJCE_provider.jar.
    >
    > Has anybody any assistance they could provide please.
    >
    > Thanks in advance
    >
    > AJF
    The live server doesn't have access to the right JARs? Maybe this will help?
    http://www.javahotchocolate.com/notes/jce-policy.html
