Servlet as client ssl connection

Similar Messages

• Monitoring SSL-connections on CSS11501

  Hi!
  The question is: can I log/debug on CSS any detailed info concerning particular client SSL-connection (i.e. user-agent, client certificate info, etc). I know I can enable ACL logging but it is not enough for us. For example, we need to see what client has been connected (i.e. we want to check some fields in certificate). I know about http header insertion but we have non-http SSL-traffic so it doesn't suit us.
  Thank you in advance.
  Regards, Amir.

  Gilles, thank you and excuse me for the late response.
  But may be cisco has a similat product with this capability (may be ACE appliance)?
  Regards, Amir

• Establish SSL connection to Oracle Instance w/JDBC Thin Client

  Hello all,
  I am writing a monitoring utility that will allow me to establish connections to both Oracle instances and LDAP repositories and query them to determine that they are up and running. My utility consists of a number of objects that handle connections to the LDAP and Oracle instances. I need to be able to do SSL and non-SSL connections to said instances.
  My issue is this: I am able to do SSL and non-SSL to LDAP, and non-SSL to an Oracle instance. I am having problems, though, establishing an SSL connection to an Oracle instance (I am using the thin client). Whenever I try, a SQLException is thrown that states: "Encountered a problem with the secret store. Check the wallet location for the presense of an <b>open</b> wallet (cwallet.sso) and ensure that the wallet contains the correct credentials..."
  Ok, a little background for those who may need it. Oracle uses a wallet to hold certs that allow SSL connections. I have a wallet on my box, and, from the command line, I am able to sqlplus into and tnsping the appropriate Oracle instances, so I know it is setup properly. The inability to connect only occurs in my code. My code looks like this:
  DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
  Security.addProvider(new oracle.security.pki.OraclePKIProvider());
  /*Setup connection properties*/
  String connectionString = "testbox01:1000:ssl_instances_name";
  String userName = "userName";
  String pwd = "password";
  Properties props = new Properties();
  props.put("oracle.net.ssl_version", 3.0");
  props.put("oracle.net.wallet_location", "SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=c:\\wallet)))");
  props.put("oracle.net.ssl_cipher_suites", "ssl cipher suites");
  props.put("oracle.net.ssl_server_dn_match", "FALSE");
  props.put("oracle.net.ssl_client_authentication", "true");
  /*Do connection and return connection object
  OracleDataSource ods = new OracleDataSource();
  ods.setUser(userName);
  ods.setPassword(pwd);
  ods.setUrl("jdbc:oracle:thin:@" + connectionString);
  ods.setConnectionProperties(props);
  Connection conn = ods.getConnection(); <---This is where code errors out with SQLException described above.
  return conn;
  And that's pretty much it. Anyone have any ideas?

  Ok, that looked horrible. Let's try this again:<br>
  <br>
  I am writing a monitoring utility that will allow me to establish connections to both Oracle instances and LDAP repositories and query them to determine that they are up and running. My utility consists of a number of objects that handle connections to the LDAP and Oracle instances. I need to be able to do SSL and non-SSL connections to said instances.<br>
  <br>
  My issue is this: I am able to do SSL and non-SSL to LDAP, and non-SSL to an Oracle instance. I am having problems, though, establishing an SSL connection to an Oracle instance. Whenever I try, a SQLException is thrown that states: "Encountered a problem with the secret store. Check the wallet location for the presense of an <b>open</b> wallet (cwallet.sso) and ensure that the wallet contains the correct credentials..."<br>
  <br>
  Ok, a little background for those who may need it. Oracle uses a wallet to hold certs that allow SSL connections. I have a wallet on my box, and, from the command line, I am able to sqlplus into and tnsping the appropriate Oracle instances, so I know it is setup properly. The inability to connect only occurs in my code. My code looks like this:<br>
  <br>
  *****<br>
  <br>
  DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());<br>
  Security.addProvider(new oracle.security.pki.OraclePKIProvider());<br>
  <br>
  /*Setup connection properties*/<br>
  <br>
  String connectionString = "testbox01:1000:ssl_instances_name";<br>
  String userName = "userName";<br>
  String pwd = "password";<br>
  <br>
  Properties props = new Properties();<br>
  props.put("oracle.net.ssl_version", 3.0");<br>
  props.put("oracle.net.wallet_location", "SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=c:\\wallet)))");<br>
  props.put("oracle.net.ssl_cipher_suites", "ssl cipher suites");<br>
  props.put("oracle.net.ssl_server_dn_match", "FALSE");<br>
  props.put("oracle.net.ssl_client_authentication", "true");<br>
  <br>
  /*Do connection and return connection object*/<br>
  OracleDataSource ods = new OracleDataSource();<br>
  ods.setUser(userName);<br>
  ods.setPassword(pwd);<br>
  ods.setUrl("jdbc:oracle:thin:@" + connectionString);<br>
  ods.setConnectionProperties(props);<br>
  <br>
  Connection conn = ods.getConnection(); <---This is where code errors out with SQLException described above.<br>
  <br>
  return conn;<br>
  <br>
  *****<br>
  <br>
  And that's pretty much it. Anyone have any ideas?<br>

• OD SSL Connection from 10.7 Client to 10.6.8 Server Not Working

  We have an existing Open Directory running on a 10.6.8 Xserve in which we have all our client OS X computers using as their authentication/authorization server. Clients are a mix of 10.5 and 10.6. We have the clients configured to connect to the server via an SSL LDAP connection. The SSL LDAP connection is a policy requirement so we can’t use a non-SSL connection. We have tried 3 different 10.7 client computers and none of them have been able to connect to the OD server via SSL. A non-SSL connection works. When we check off the box to enable an SSL OD connection in the 10.7 Directory Utility app the OD connection stops working. We get a red status indicator for the OD server connection like you get when the client can’t communicate to the OD server. Any OD lookup I try in the terminal against the OD server fails, confirming the computer’s inability to “talk” to our OD server. I ran a packet sniffer and I can see that a 10.7 client computer configured to use SSL never attempts to connect to the OD server using the LDAP SSL port of 636. I only see the client attempting to connect to the non-SSL LDAP port 389 on the server. I have already tried the usual of repair permissions, rebooting, reinstalling. We have been able to follow this Apple support doc in the past to get this to work with 10.5 and10.6 clients but the instructions don’t appear to work with 10.7 clients:
  http://support.apple.com/kb/HT4183
  Can anyone else confirm an SSL LDAP connection between a 10.7 client computer to a 10.6.8 OD server does not work? Has anyone even gotten this setup to work?

  Martin,
  That was the link the OP used that didn't work for him.
  I haven't heard from James, but I solved my problem using both this support article:
  http://support.apple.com/kb/TS3861
  and my own black magic:
  http://groups.google.com/group/macenterprise/msg/0a5f8c0725e9bfdd
  --Francis

• Configure OWA to require a client ssl certificate only for external connection

  Hello.
  At now i migrated OWA client from Exchange 2003 to Exchange 2010 and faced with a problem.
  I want to then external client (somebody like user from home PC) connect to Outlook Web App, client certificate will be required.
  But then client connect (somebody from work PC) to internal Outlook Web App Url, Integrate Windows Auth will be used and client ssl certificate not required.
  Is it possible? Or i need to enable Outlook Anywhere?

  Hi,
  Base on my konwledge, I don't think it is possible.
  When you install Exchange 2003, only one Default Web Site in Internet Information Services (IIS). if you change the authentication method and enable SSL on OWA, client ssl certificate always be required whether it's external or internal.
  I recommend you refer to the following articles:
  http://www.msexchange.org/articles-tutorials/exchange-server-2003/mobility-client-access/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html
  http://www.msexchange.org/articles-tutorials/exchange-server-2003/security-message-hygiene/SSL_Enabling_OWA_2003.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft.
  Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Thanks.
  Niko Cheng
  TechNet Community Support

• SSL: Connection reset by peer ; Failed to enable crypto error while calling the report using bing API with SOAP client

  Hi,
  I am trying to fetch report using bing API and making a SOAP call for fetching the data. I get the following error:
  [Warning] fopen(): SSL: Connection reset by peer [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
  02-04-2015 10:17:41 (BST) : [Warning] fopen(): Failed to enable crypto [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
  02-04-2015 10:17:41 (BST) : [Warning] fopen(https://download.api.bingads.microsoft.com/ReportDownload/Download.aspx?q=rzr63XFt5qJduddohoIRyOYAP%2f1%2ftsnhk8L%2bzBmUpdU2CQlcUB98RpY%2bbOaLFFGMqAC4IUUadC%2fNdNnJqeVCY%2f%2bpy6noVsVA%2fMJp47a3Xb1VjABfKhcdKy6vqpgEdcQg%2fQZ7QcEpZ3bEloJjUtGpDquFk53BnkeHEPVWZkDYcsQegRz%2fpG4t4w6gKCCRmhArd6osr6ZU9CMJ3lbxtGXjcQEMPvP2apNyr9P%2fc8niyfWA2aBcm1aEmOLX2KL3aRJ4rz9N7gG7uBslVZH%2b4rUjHdB7CMkbb%2fHyHwvPTqGPbPCHnicefr%2b%2fDP70hlkBEGfyOOswK67%2bl1zh7CyIv%2bcMlaDsuDX1HeFf4uORfD41H1z7):
  failed to open stream: operation failed [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
  Whenever I execute my script. Can you please let me know what we can do to solve this issue. The version of PHP we are using is 5.3.3 with open ssl. 

  Hi Shobha,
  I can't confirm what version of PHP you are using, but to err on the side of caution please use the version specified in the sample/SDK:
  PHP 5.4.14 has been installed from PHP.
  Here is our code examples:
  https://msdn.microsoft.com/en-US/library/bing-ads-overview-getting-started-php-with-web-services.aspx
  Thanks,
  Itai

• Poor performance in establishing an SSL connection

  Hi,
  i have a Servlet (loaded on Tomcat 4.1) that establishes a SSL Connection to a remote server. The issue is, is that the connection phase takes over 4 seconds to complete!
  heres the function where the problem shows
  public SSLSocket getSocket()
  throws NoSuchAlgorithmException, KeyStoreException, FileNotFoundException,
  IOException, KeyManagementException, CertificateException,
  UnrecoverableKeyException
  * Set up a key manager for client authentication if asked by the server.
  SSLSocketFactory factory = null;
  SSLContext ctx;
  KeyManagerFactory kmf;
  KeyStore ks;
  // Set the SSL Context to TLS (required for Client certs).
  ctx = SSLContext.getInstance("TLS");
  kmf = KeyManagerFactory.getInstance("SunX509");
  ks = KeyStore.getInstance(ksType);
  // Load in the KeyStore.
  ks.load(new FileInputStream(ksLoc), ksPassphrase);
  kmf.init(ks, ksPassphrase);
  // Generate some random data.
  SecureRandom sr = new SecureRandom();
  sr.nextInt();
  // Initialise the SSL with the random data.
  ctx.init(kmf.getKeyManagers(), null, sr);
  factory = ctx.getSocketFactory();
  * Open the Socket to the SSL server. from this point we can treat
  * it like and nomal Socket
  SSLSocket socket = (SSLSocket)factory.createSocket(servHost, servPort);
  // Force the handshake
  socket.startHandshake();
  // Return the now open SSLSocket to the caller.
  return socket;
  the problematic line is:
  SSLSocket socket = (SSLSocket)factory.createSocket(servHost, servPort);
  it takes about 4.5 - 5.0 seconds to return. The remote server is based on the same LAN as this Servlet and so network lag should not be an issue (im accessing via 10.xx ip too)
  Can anyone help me in determining why this takes so long?
  Thanks !
  Darren.

  First, try by removing the line which says:
  socket.startHandshake();because the handshake will be initiated by the socket upon creation.
  If you are using JDK v1.4.1 I've seen some SSL performance issues when stablishing the connection, so I returned to my old JDK 1.3.1.
  Also be sure to create the factory in the servlet init() method because it has no sense to recreate the factory in every request as long as it uses the same KeyManager.
  HTH

• Wls6 outgoing ssl connections...

  We're trying to setup an outgoing ssl connection essentially from a servlet
  (jsp).
  We've developed the "client" code using jsse and
  it works fine in standalone mode. When we call
  it from within a weblogic servlet (actually a jsp), the
  SSL handshake takes place, but we get a certificate
  not valid exception. It appears to be saying that the CA cert
  for the server we are trying to connect to is expired.
  The connection is like this...
  WLS6, a jsp --> ssl ---> netscape web server.
  The netscape web server has a valid unexpired
  verisign cert. The CA for that cert is valid till 2010.
  This is all verified by using IE to connect to the
  netscape server.
  It appears that WLS6 is keeping a store of CA certs
  somewhere. We've checked the certs in
  java_home/jre/lib/security/cacerts and there is a
  valid ca cert for the netscape cert. Anyone have
  any idea where WLS6 keeps it ca certs for outgoing
  connections?
  Here is the stack trace...
  (thanks)
  java.io.IOException: Certificate not valid:
  fingerprint = 115632b0c42739458d5cf441895f1c72, not before = Wed Nov 09
  15:54:17 PST 1994, not after = Fri Dec 31 15:54:17 PST 1999, holder = C=US
  O=RSA Data Security, Inc. OU=Secure Server Certification Authority , issuer
  = C=US O=RSA Data Security, Inc. OU=Secure Server Certification Authority ,
  key = modulus length=126 exponent length=3
  at
  weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:143)
  at
  weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:117)
  at weblogic.security.SSL.Handshake.input(Handshake.java:114)
  at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1019)
  at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:383)
  at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:245)
  at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:194)
  at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:45)
  at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:156)
  at weblogic.net.http.HttpClient.<init>(HttpClient.java:85)
  at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:34)
  at weblogic.net.http.HttpClient.New(HttpClient.java:119)
  at
  weblogic.net.http.HttpURLConnection.connect(HttpURLConnection.java:99)
  at
  test.httptools.MiniHttpClient.setupConnection(MiniHttpClient.java:281)
  at test.httptools.MiniHttpClient.openURL(MiniHttpClient.java:294)
  at com.bridgespan.dhs.DhsStatus.post(DhsStatus.java:203)
  at com.bridgespan.dhs.DhsStatus.updateLoanStatus(DhsStatus.java:151)
  at jsp_servlet._dhsstatus._jspService(_dhsstatus.java:91)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at
  weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :213)
  at
  weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
  ntext.java:1265)
  at
  weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
  :1631)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)

  Hi,
  I also need to do the same in weblogic 5.1 (sp8). I know
  it is not possible with JSSE, but how do I achieve with
  weblogic implementation of Https? I am getting "Non
  supported cipher requested" error. How do I remove this message. It will be
  of great help if someone can list
  down the configuration step in weblogic. I am trying
  to find it in weblogic documentation but no success so far.
  Thanks in advance for your help!
  - Rishi
  "Jerry" <[email protected]> wrote in message
  news:[email protected]..
  Hi Nuno,
  I don't think that you can use JSSE to make outgoing SSL connections inWLS 4.5.1 because
  of the many conflicts between JSSE and the WLS SSL classes
  In versions of 5.1 (such as sp9 and up), and also 6.0 and 6.1, BEA gotrid of these
  conflicts to make the use of JSSE possible with WebLogic to do outgoingSSL.
  In 4.5.1, I believe you are out of luck.
  Joe Jerry
  Nuno Carvalho wrote:
  Hi,
  Does anyone know how to create outgoing SSL connections from a WLS 4.5.1
  using
  JSSE.
  I've implemented an application using JSSE for POSTing data to an HTTPSserver
  that requires client authentication and it worked fine. But when usedinside the
  WebLogic server it doesn't work, because the WLS SSL classes are usedinstead
  of the JSSE ones. It returns a "java.io.IOException: Alert: fatalhandshake_failure".
  If the ssl.enable property is set to false probably it will work, but Ineed it
  set to true. Does anyone a way to solve this problem?
  Thanks in advance.

• SSL Connection Configuration between Apache and Weblogic 8,1

  I'm currently using Apache web server as a front end server for Weblogic server 8.1 and now i' facing some configuration problem to setting up the SSL connection between this 2 server. When i open my web application page, it shows
  Failure of Server Apache bridge
  No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
  and my proxy.log shows:
  Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
  Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
  Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
  Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
  Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
  Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
  Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
  Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
  Thu Nov 03 09:36:41 2011 <182413202842013> attempt #0 out of a max of 5
  Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
  Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
  Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
  Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
  Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
  Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
  Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
  Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
  Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
  Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
  Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
  Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
  Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
  Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
  Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
  Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
  Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
  Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
  Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 790 of ../nsapi/URL.cpp]: at line 3078
  Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
  Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
  Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
  Can anyone tell me what should i do in order to correct this error? Your help is kindly appreciate!!! Please~

  1) Is the managed server up?
  2) from apache server are you able to bind the managed server port?
  3) can you pls send the weblogic ssl configuration?

• I am getting the following error using SQL Plus on Windows "ORA-28865: SSL connection closed"

  I have set up my certificates on client and server and have tested the port using TCP and works fine.  TCPS fails with ORA-28865.  I have attached my trace file which was using level 10
  Please any assistance is appreciated
  (5888) [11-APR-2015 09:36:28:365] nsnainit: NS Connection version: 315
  (5888) [11-APR-2015 09:36:28:365] nsnainit: inf->nsinfflg[0]: 0x41 inf->nsinfflg[1]: 0x41
  (5888) [11-APR-2015 09:36:28:365] nsnainit: "or" info flags: 0x41 Translations follow:
    native service(s) is (are) wanted
  (5888) [11-APR-2015 09:36:28:365] nsnainit: "or" info flags: 0x41 Translations follow:
    native service(s) is (are) wanted
  "and" info flags: 0x41 Translations follow:
    native service(s) is (are) wanted
  (5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
  (5888) [11-APR-2015 09:36:28:365] nsopen: global context check-in (to slot 0) complete
  (5888) [11-APR-2015 09:36:28:365] nsopen: lcl[0]=0xf4ffefff, lcl[1]=0x102000, gbl[0]=0xfabf, gbl[1]=0x1, tdu=2097152, sdu=8192
  (5888) [11-APR-2015 09:36:28:365] nsfull_opn: cid=0, opcode=65, *bl=0, *what=0, uflgs=0x0, cflgs=0x0
  (5888) [11-APR-2015 09:36:28:365] nsfull_opn: nsctx: state=7, flg=0x4001, mvd=0
  (5888) [11-APR-2015 09:36:28:365] nsmal: 168 bytes at 0x214d1a0
  (5888) [11-APR-2015 09:36:28:365] nsmal: 168 bytes at 0x214dbf0
  (5888) [11-APR-2015 09:36:28:365] nsmfr: 239 bytes at 0x20e53a0
  (5888) [11-APR-2015 09:36:28:365] nsdo: cid=0, opcode=67, *bl=238, *what=8, uflgs=0x0, cflgs=0x3
  (5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
  (5888) [11-APR-2015 09:36:28:365] nsdo: rank=64, nsctxrnk=0
  (5888) [11-APR-2015 09:36:28:365] nsdo: nsctx: state=14, flg=0x4005, mvd=0
  (5888) [11-APR-2015 09:36:28:365] nsdo: gtn=10, gtc=10, ptn=10, ptc=8111
  (5888) [11-APR-2015 09:36:28:365] nscon: doing connect handshake...
  (5888) [11-APR-2015 09:36:28:365] nscon: sending NSPTCN packet
  (5888) [11-APR-2015 09:36:28:365] nspsend: plen=70, type=1
  (5888) [11-APR-2015 09:36:28:365] ntzwrite: entry
  (5888) [11-APR-2015 09:36:28:365] nzos_Write: entry
  (5888) [11-APR-2015 09:36:28:365] nttwr: entry
  (5888) [11-APR-2015 09:36:28:365] nttwr: socket 560 had bytes written=99
  (5888) [11-APR-2015 09:36:28:365] nttwr: exit
  (5888) [11-APR-2015 09:36:28:365] nzos_Write: exit
  (5888) [11-APR-2015 09:36:28:365] ntzwrite: exit
  (5888) [11-APR-2015 09:36:28:365] nspsend: 70 bytes to transport
  (5888) [11-APR-2015 09:36:28:365] nscon: sending 238 bytes connect data
  (5888) [11-APR-2015 09:36:28:365] nsdo: cid=0, opcode=67, *bl=238, *what=1, uflgs=0x4002, cflgs=0x0
  (5888) [11-APR-2015 09:36:28:365] nsdo: nsctx: state=2, flg=0x4005, mvd=0
  (5888) [11-APR-2015 09:36:28:365] nsdo: gtn=10, gtc=10, ptn=10, ptc=431
  (5888) [11-APR-2015 09:36:28:365] nsdo: 238 bytes to NS buffer
  (5888) [11-APR-2015 09:36:28:365] nsdofls: DATA flags: 0x0
  (5888) [11-APR-2015 09:36:28:365] nsdofls: sending NSPTDA packet
  (5888) [11-APR-2015 09:36:28:365] nspsend: plen=248, type=6
  (5888) [11-APR-2015 09:36:28:365] ntzwrite: entry
  (5888) [11-APR-2015 09:36:28:365] nzos_Write: entry
  (5888) [11-APR-2015 09:36:28:365] nttwr: entry
  (5888) [11-APR-2015 09:36:28:365] nttwr: socket 560 had bytes written=277
  (5888) [11-APR-2015 09:36:28:365] nttwr: exit
  (5888) [11-APR-2015 09:36:28:365] nzos_Write: exit
  (5888) [11-APR-2015 09:36:28:365] ntzwrite: exit
  (5888) [11-APR-2015 09:36:28:365] nspsend: 248 bytes to transport
  (5888) [11-APR-2015 09:36:28:365] nsdoacts: flushing transport
  (5888) [11-APR-2015 09:36:28:365] ntzcontrol: entry
  (5888) [11-APR-2015 09:36:28:365] ntzcontrol: Command = 4
  (5888) [11-APR-2015 09:36:28:365] ntzcontrol: unknown command 4 - calling underlying protocol adapter
  (5888) [11-APR-2015 09:36:28:365] nttctl: entry
  (5888) [11-APR-2015 09:36:28:365] ntzcontrol: operation is unsupported
  (5888) [11-APR-2015 09:36:28:365] ntzcontrol: exit
  (5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
  (5888) [11-APR-2015 09:36:28:365] nsdo: nsctxrnk=0
  (5888) [11-APR-2015 09:36:28:365] nsdo: cid=0, opcode=68, *bl=2048, *what=9, uflgs=0x0, cflgs=0x3
  (5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
  (5888) [11-APR-2015 09:36:28:365] nsdo: rank=64, nsctxrnk=0
  (5888) [11-APR-2015 09:36:28:365] nsdo: nsctx: state=2, flg=0x4005, mvd=0
  (5888) [11-APR-2015 09:36:28:365] nsdo: gtn=10, gtc=10, ptn=10, ptc=8111
  (5888) [11-APR-2015 09:36:28:380] nscon: recving a packet
  (5888) [11-APR-2015 09:36:28:380] nsprecv: reading from transport...
  (5888) [11-APR-2015 09:36:28:380] ntzread: entry
  (5888) [11-APR-2015 09:36:28:380] ntznzosread: entry
  (5888) [11-APR-2015 09:36:28:380] nzos_Read: entry
  (5888) [11-APR-2015 09:36:28:380] nttrd: entry
  (5888) [11-APR-2015 09:36:28:380] ntt2err: entry
  (5888) [11-APR-2015 09:36:28:380] ntt2err: exit
  (5888) [11-APR-2015 09:36:28:380] nttrd: socket 560 had bytes read=0
  (5888) [11-APR-2015 09:36:28:380] nttrd: exit
  (5888) [11-APR-2015 09:36:28:380] nzos_Read: exit
  (5888) [11-APR-2015 09:36:28:380] ntznzosread: encountered "wouldblock" error
  (5888) [11-APR-2015 09:36:28:380] ntctst: size of NTTEST list is 1 - not calling poll
  (5888) [11-APR-2015 09:36:28:396] nzos_Read: entry
  (5888) [11-APR-2015 09:36:28:396] nttrd: entry
  (5888) [11-APR-2015 09:36:28:396] nttrd: exit
  (5888) [11-APR-2015 09:36:28:396] ntt2err: entry
  (5888) [11-APR-2015 09:36:28:396] ntt2err: Read unexpected EOF ERROR on 560
  (5888) [11-APR-2015 09:36:28:396] ntt2err: exit
  (5888) [11-APR-2015 09:36:28:396] nzos_Read: exit
  (5888) [11-APR-2015 09:36:28:396] ntznzosread: SSL connection closed gracefully.
  (5888) [11-APR-2015 09:36:28:396] ntznzosread: SSL connection terminated normally.
  (5888) [11-APR-2015 09:36:28:396] ntznzosread: returning NZ error 28865 in result structure
  (5888) [11-APR-2015 09:36:28:396] ntznzosread: exit
  (5888) [11-APR-2015 09:36:28:396] nserror: nsres: id=0, op=68, ns=12537, ns2=12560; nt[0]=507, nt[1]=0, nt[2]=0; ora[0]=28865, ora[1]=0, ora[2]=0
  (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
  (5888) [11-APR-2015 09:36:28:396] nsdo: nsctxrnk=0
  (5888) [11-APR-2015 09:36:28:396] nscall: unexpected response
  (5888) [11-APR-2015 09:36:28:396] nsvntx_dei: entry
  (5888) [11-APR-2015 09:36:28:396] nsvntx_dei: exit
  (5888) [11-APR-2015 09:36:28:396] nstimarmed: no timer allocated
  (5888) [11-APR-2015 09:36:28:396] ntzcontrol: entry
  (5888) [11-APR-2015 09:36:28:396] ntzcontrol: Command = 14
  (5888) [11-APR-2015 09:36:28:396] ntzcontrol: exit
  (5888) [11-APR-2015 09:36:28:396] ntzcontrol: entry
  (5888) [11-APR-2015 09:36:28:396] ntzcontrol: Command = 15
  (5888) [11-APR-2015 09:36:28:396] ntzcontrol: exit
  (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
  (5888) [11-APR-2015 09:36:28:396] nsfull_cls: cid=0, opcode=65, *bl=0, *what=0, uflgs=0x0, cflgs=0x440
  (5888) [11-APR-2015 09:36:28:396] nsfull_cls: nsctx: state=1, flg=0x4001, mvd=0
  (5888) [11-APR-2015 09:36:28:396] nsclose: closing transport
  (5888) [11-APR-2015 09:36:28:396] ntzdisconnect: entry
  (5888) [11-APR-2015 09:36:28:396] ntzFreeNTZData: entry
  (5888) [11-APR-2015 09:36:28:396] nzos_DestroyCtx: entry
  (5888) [11-APR-2015 09:36:28:396] nzos_DestroyCtx: exit
  (5888) [11-APR-2015 09:36:28:396] ntzFreeNTZData: exit
  (5888) [11-APR-2015 09:36:28:396] nttdisc: entry
  (5888) [11-APR-2015 09:36:28:396] nttdisc: Closed socket 560
  (5888) [11-APR-2015 09:36:28:396] nttdisc: exit
  (5888) [11-APR-2015 09:36:28:396] ntzdisconnect: exit
  (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
  (5888) [11-APR-2015 09:36:28:396] nsclose: global context check-out (from slot 0) complete
  (5888) [11-APR-2015 09:36:28:396] nadisc: entry
  (5888) [11-APR-2015 09:36:28:396] nacomtm: entry
  (5888) [11-APR-2015 09:36:28:396] nacompd: entry
  (5888) [11-APR-2015 09:36:28:396] nacompd: exit
  (5888) [11-APR-2015 09:36:28:396] nacompd: entry
  (5888) [11-APR-2015 09:36:28:396] nacompd: exit
  (5888) [11-APR-2015 09:36:28:396] nacomtm: exit
  (5888) [11-APR-2015 09:36:28:396] nas_dis: entry
  (5888) [11-APR-2015 09:36:28:396] nas_dis: exit
  (5888) [11-APR-2015 09:36:28:396] nau_dis: entry
  (5888) [11-APR-2015 09:36:28:396] nau_dis: exit
  (5888) [11-APR-2015 09:36:28:396] naeetrm: entry
  (5888) [11-APR-2015 09:36:28:396] naeetrm: exit
  (5888) [11-APR-2015 09:36:28:396] naectrm: entry
  (5888) [11-APR-2015 09:36:28:396] naectrm: exit
  (5888) [11-APR-2015 09:36:28:396] nagbltrm: entry
  (5888) [11-APR-2015 09:36:28:396] nau_gtm: entry
  (5888) [11-APR-2015 09:36:28:396] nau_gtm: exit
  (5888) [11-APR-2015 09:36:28:396] nagbltrm: exit
  (5888) [11-APR-2015 09:36:28:396] nadisc: exit
  (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
  (5888) [11-APR-2015 09:36:28:396] nsvntx_dei: entry
  (5888) [11-APR-2015 09:36:28:396] nsvntx_dei: exit
  (5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
  (5888) [11-APR-2015 09:36:28:396] nsmfr: 2944 bytes at 0x2152400
  (5888) [11-APR-2015 09:36:28:396] nsmfr: 1880 bytes at 0x2151ca0
  (5888) [11-APR-2015 09:36:28:396] nscall: connecting...
  (5888) [11-APR-2015 09:36:28:396] nladget: entry
  (5888) [11-APR-2015 09:36:28:396] nladget: exit
  (5888) [11-APR-2015 09:36:28:396] nsmfr: 238 bytes at 0x221def0
  (5888) [11-APR-2015 09:36:28:412] nsmfr: 304 bytes at 0x20d8200
  (5888) [11-APR-2015 09:36:28:412] nladtrm: entry
  (5888) [11-APR-2015 09:36:28:412] nladtrm: exit
  (5888) [11-APR-2015 09:36:28:412] nioqper:  error from nscall
  (5888) [11-APR-2015 09:36:28:412] nioqper:    ns main err code: 12537
  (5888) [11-APR-2015 09:36:28:412] nioqper:    ns (2)  err code: 12560
  (5888) [11-APR-2015 09:36:28:412] nioqper:    nt main err code: 507
  (5888) [11-APR-2015 09:36:28:412] nioqper:    nt (2)  err code: 0
  (5888) [11-APR-2015 09:36:28:412] nioqper:    nt OS   err code: 0
  (5888) [11-APR-2015 09:36:28:412] niomapnserror: entry
  (5888) [11-APR-2015 09:36:28:412] niqme: entry
  (5888) [11-APR-2015 09:36:28:412] niqme: reporting ORA-28865 error
  (5888) [11-APR-2015 09:36:28:412] niqme: exit
  (5888) [11-APR-2015 09:36:28:412] niomapnserror: exit
  (5888) [11-APR-2015 09:36:28:412] niotns: Couldn't connect, returning 28865
  (5888) [11-APR-2015 09:36:28:412] niotns: exit
  (5888) [11-APR-2015 09:36:28:412] nsbrfr: nsbfs at 0x214d1a0, data at 0x2225ca0.
  (5888) [11-APR-2015 09:36:28:412] nsbrfr: nsbfs at 0x214dbf0, data at 0x2227d90.
  (5888) [11-APR-2015 09:36:28:412] nsbrfr: nsbfs at 0x214d9e0, data at 0x21531c0.
  (5888) [11-APR-2015 09:36:28:412] nigtrm: Count in the NI global area is now 1
  (5888) [11-APR-2015 09:36:28:412] nigtrm: Count in the NL global area is now 1

  CLIENT SQLNET.ORA
  TRACE_LEVEL_CLIENT = 10
  TRACE_UNIQUE_CLIENT = ON
  TRACE_DIRECTORY_CLIENT = C:\Oracle\app\client\product\12.1.0\client_1\network\trace
  TRACE_FILE_CLIENT = sqlnet_client.trc
  LOG_FILE_CLIENT = sqlnet_client.log
  LOG_DIRECTORY_CLIENT = C:\Oracle\app\client\product\12.1.0\client_1\network\log
  DIAG_ADR_ENABLED = OFF
  TRACE_TIMESTAMP_CLIENT = ON
  SQLNET.AUTHENTICATION_SERVICES = (ALL)
  SQLNET.AUTHENTICATION_REQUIRED = FALSE
  SSL_CLIENT_AUTHENTICATION = FALSE
  WALLET_LOCATION =
    (SOURCE =
      (METHOD = FILE)
      (METHOD_DATA =
        (DIRECTORY = C:\Oracle\app\client\product\12.1.0\client_1\network\wallets)
  ADR_BASE = C:\Oracle\app\client\product\12.1.0\client_1\log
  SERVER SQLNET.ORA
  SQLNET.AUTHENTICATION_SERVICES= (ALL)
  SSL_VERSION = 0
  SSL_CLIENT_AUTHENTICATION = FALSE
  TRACE_UNIQUE_SERVER = ON
  TRACE_DIRECTORY_SERVER = /u01/app/grid/product/12.1.0/12.1.0.2/network/trace
  TRACE_FILE_SERVER = sqlnet_server.trc
  LOG_FILE_SERVER = sqlnet_server.log
  WALLET_LOCATION =
    (SOURCE =
      (METHOD = FILE)
      (METHOD_DATA =
        (DIRECTORY = /u01/app/grid/product/12.1.0/12.1.0.2/owm/wallets/grid)
  LOG_DIRECTORY_SERVER = /u01/app/grid/product/12.1.0/12.1.0.2/network/log
  SQLNET.AUTHENTICATION_REQUIRED = FALSE
  DIAG_ADR_ENABLED = OFF
  TRACE_TIMESTAMP_SERVER = ON

• FTP/SSL Connection Problem for FTP Receiver Adapter

  Hello All,
  We are trying to establish an FTPS/SSL connection with one of our customers from our XI(Unix) system, and are receive following error:
  <b>iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier</b>
  Communication Channel Parameters:
  Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
  Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
  Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
  Data Connection: Passive
  Port: 10021
  Keystore: service_ssl
  X.509 Certificate & Private Key: ssl-credentials
  Note: Initial handshaking occurs but connection is being dropped by the third party FTP Server when SSL certificate credentials are being validated. We also tried connecting to the third party FTPS server using standard FTPS client(FileZilla software), this connection gets established successfully with no certificate issues which means certificate and third party FTP Server is functioning correctly.
  We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
  Your help and suggestions will be greatly appreciated.
  Thanks and Best Regards
  Prashant Rajani

  Hello All,
  Further in order to test connection set up and communication channel configuration we tried simulating the FTP connection locally by configuring FTP Server using FileZilla at a local machine and accessed it from Client's XI Server.
  This set up simulates the problem we encounter with our customer's FTP Server.
  If connection security parameter in communication channel for Sender FTP Adapter is set to <b>"FTPs( FTP Using SSL/TLS) with Control Connection" only</b>, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to <b>"FTPs( FTP Using SSL/TLS) with Control and Data Connection"</b>, we receive error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and file gets created at the FTP Server but its empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
  This is what the FTP (FileZilla) sees when the XI system attempts to set-up a fully encrypted data  (FTPS) connection i.e., connection security parameter value as<b>"FTPs( FTP Using SSL/TLS) with Control and Data Connection"</b> :-
  - (not logged in) (10.18.106.34)> Connected, sending welcome message...
  - (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
  - (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
  - (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
  - (not logged in) (10.18.106.34)> AUTH TLS
  - (not logged in) (10.18.106.34)> 234 Using authentication type TLS
  - (not logged in) (10.18.106.34)> SSL connection established
  - (not logged in) (10.18.106.34)> USER test
  - (not logged in) (10.18.106.34)> 331 Password required for test
  - (not logged in) (10.18.106.34)> PASS ***********
  - test (10.18.106.34)> 230 Logged on
  - test (10.18.106.34)> PBSZ 0
  - test (10.18.106.34)> 200 PBSZ=0
  - test (10.18.106.34)> PROT P
  - test (10.18.106.34)> 200 Protection level set to P
  - test (10.18.106.34)> SYST
  - test (10.18.106.34)> 215 UNIX emulated by FileZilla
  - test (10.18.106.34)> PWD
  - test (10.18.106.34)> 257 "/" is current directory.
  - test (10.18.106.34)> CWD /payment/
  - test (10.18.106.34)> <b>250 CWD successful. "/payment" is current directory.</b>- test (10.18.106.34)> TYPE I
  - test (10.18.106.34)> 200 Type set to I
  - test (10.18.106.34)> PASV
  - test (10.18.106.34)> <b>227 Entering Passive Mode (10,27,7,103,15,63)</b>- test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
  - test (10.18.106.34)> <b>150 Connection accepted</b>
  - test (10.18.106.34)> <b>Data connection SSL warning: SSL3 alert read: fatal: bad certificate</b>
  - test (10.18.106.34)> <b>Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A</b>- test (10.18.106.34)> <b>Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate</b>- test (10.18.106.34)> <b>Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure</b>- test (10.18.106.34)> <b>426 Connection closed; transfer aborted.</b>- test (10.18.106.34)> QUIT
  - test (10.18.106.34)> 221 Goodbye
  - test (10.18.106.34)> SSL connection established
  Please suggest your valuable inputs if we are missing out something. Any helpful inputs in this regard is highly appreciated.
  Thanks and Best Regards
  Prashant

• Webdav with client ssl certificate

  I have created one webdav enable site in apple mac mini server using apache. The webdav site is secured with https as well as client certificate.
  While browsing the website using safari/IE everything is working fine,but with ipad's webdav utility it is not working.Client cert is not picking up by webdav nav tool, although the client ssl cert is installed in ipad.

  Some more checking using wireshark on the destination server.
  I created a simple html page that is contained under a directory that requires SSL and a client certificate, as configured in the apache configuration.
  This works fine from the IE and Firefox desktop browsers.
  Now, using Safari on the iPad with the appropriate certificates installed (client cert and CA cert) using the profile management tool, I attempted to connect to this page.
  Wireshark shows the iPad contacting the server and the TLSv1 protocol selection (Client Hello and Server Hello).
  Following this the server issues the requested server certificate and the CA cert to the iPad device.
  The iPad device responds with an ACK and this is where it stops the communication. No further packets appear.
  During this time, the iPad has requested that a client certificate be selected using the dialog and the appropriate client cert is selected, however the network transaction does not show the iPad ever sending this certificate to the server.

• SSL connection, KeyManager and TrustManager

  Hello everyone,
  I am trying to established an SSL connection to a OC4J Server. The server is correctly configured, as the communications using Internet Explorer goes well.
  I am using JDK 1.3.1_06 with JSSE 1.0.3 and OC4J 9.0.3.
  But now I have a stand-alone java program that sends SOAP messages to the ssl port in the server using JAXM. When I send the message, I received the following exception:
  javax.net.ssl.SSLException: untrusted server cert chain
  The following I tried was to connect using a socket to test the handshacking. I received the same exception.
  I am using a KeyStore dinamically generated with the PKCS12 certificate of the cliente that is requesting the service, and a TrustStore dinamically generated with the CA certificate for both the client and the server. I am also tries to use the default cacerts file with this certificate imported in.
  The KeyManager is initialized in this way:
  ----- KeyManager start -----
  java.security.KeyStore ks = java.security.KeyStore.getInstance
       ("pkcs12", "SunJSSE");
  ks.load(new FileInputStream(file),pass.toCharArray());
  KeyManagerFactory kmf = KeyManagerFactory.getInstance     ("SunX509", "SunJSSE");
  kmf.init(ks, pass.toCharArray());
  KeyManager[] km = (KeyManager[])kmf.getKeyManagers();
  ----- KeyManager end -----
  The TrustManager is initialized in this way:
  ----- TrustManager start -----
  FileInputStream fis = new FileInputStream(file);
  java.io.DataInputStream dis = new java.io.DataInputStream(fis);
  byte[] bytes = new byte[dis.available()];
  dis.readFully(bytes);
  java.io.ByteArrayInputStream bais =
       new java.io.ByteArrayInputStream(bytes);
  java.security.cert.CertificateFactory cf =          java.security.cert.CertificateFactory.getInstance("X.509");
  java.security.cert.X509Certificate caCert =
       (java.security.cert.X509Certificate)
            cf.generateCertificate(bais);
  java.security.KeyStore ksCA =
       java.security.KeyStore.getInstance("pkcs12", "SunJSSE");
  ksCA.load(null, null);
  ksCA.setCertificateEntry("trustedCA", caCert);
  TrustManagerFactory tmf =
       TrustManagerFactory.getInstance("SunX509", "SunJSSE");
  tmf.init(ksCA);
  TrustManager[] tm = (TrustManager[])tmf.getTrustManagers();
  ----- TrustManager end -----
  And finally, this is the way I create the ssl connection:
  ----- main start -----
  // loads the jsse provider
  System.setProperty("java.protocol.handler.pkgs",
       "com.sun.net.ssl.internal.www.protocol");
  java.security.Security.addProvider(
       new com.sun.net.ssl.internal.ssl.Provider());
  // keymanager
  com.sun.net.ssl.KeyManager[] km = getKeyManager(args[0], args[1]);
  // trustmanager
  com.sun.net.ssl.TrustManager[] tm = getTrustManager(args[2]);
  // ssl context configuration
  com.sun.net.ssl.SSLContext ctx =
       com.sun.net.ssl.SSLContext.getInstance("SSL");
  ctx.init(km, tm, null);
  com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
       ctx.getSocketFactory());
  // url
  URL url = new URL(
       "https", my_ip
       my_port, a_page,
       new com.sun.net.ssl.internal.www.protocol.https.Handler());
  // connection
  com.sun.net.ssl.HttpsURLConnection conn =
       (com.sun.net.ssl.HttpsURLConnection)url.openConnection();
  conn.connect();
  ----- main end -----
  This is the full exception trace:
  javax.net.ssl.SSLException: untrusted server cert chain
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
  at java.io.OutputStream.write(OutputStream.java:56)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
  at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(DashoA6275)
  at pruebas.SSLClient.main(SSLClient.java)
  Has anyone some idea of what is happening. Thanks in advance,
  Jorge Hidalgo

  hi
  how your client i.e stanadlone application (SOAP client) is getting the server certificates if client doesn't get the server certificate and vice versa then u will get this exception.
  check on both side.
  pras

• Dual Monitors functionality with SSL connections?

  Hi, I'm configuring a new ASA5510 w/ SSL licensing and a coworker asked me some questions on functionality of remote access. I'm new to the ASA device and have never configured one before.
  Both of these questions are assuming the user is at home and using their personal computer (not a laptop or work computer). If a user successfully creates a SSL connection, I understand it's basically like a remote desktop session to that particular user's desktop.
  Q1: If the work computer is running dual LCD screens, are there any remote desktop options that will allow the home user to do the same or even to switch? Can those settings be saved as if it was a profile?
  Q2: Same situation only the home user would like to print to his personal printer at home.
  Thanks

  Thanks for the responses Farrukh. I'm reading the config example now.
  I'm trying to visualize the step by step process the end user would go through in order to remotely connect.
  With my previous employer, I've used and I'm most familiar with using the ipsec VPN Client. Now, with my new employer I'm tasked with setting up a remote access solution using SSL.
  The new company uses a Sonicwall solution that works like this:
  1. https://vpngateway
  2. user authentication with AD login
  3. CompanyName Virtual Office
  4. there is a pre-configured bookmark (remote access) for only that particular end user's desktop (forces static ip address)
  5. WinXP login prompt
  6. connection completed to end user's desktop with the normal group policies applied
  I've never seen/used a remote access solution like this and was wondering if Cisco's clientless SSL works the same.

• Create outgoing SSL connections in WebLogic 4.5.1 using JSSE

  Hi,
  Does anyone know how to create outgoing SSL connections from a WLS 4.5.1 using
  JSSE.
  I've implemented an application using JSSE for POSTing data to an HTTPS server
  that requires client authentication and it worked fine. But when used inside the
  WebLogic server it doesn't work, because the WLS SSL classes are used instead
  of the JSSE ones. It returns a "java.io.IOException: Alert: fatal handshake_failure".
  If the ssl.enable property is set to false probably it will work, but I need it
  set to true. Does anyone a way to solve this problem?
  Thanks in advance.

  Hi,
  I also need to do the same in weblogic 5.1 (sp8). I know
  it is not possible with JSSE, but how do I achieve with
  weblogic implementation of Https? I am getting "Non
  supported cipher requested" error. How do I remove this message. It will be
  of great help if someone can list
  down the configuration step in weblogic. I am trying
  to find it in weblogic documentation but no success so far.
  Thanks in advance for your help!
  - Rishi
  "Jerry" <[email protected]> wrote in message
  news:[email protected]..
  Hi Nuno,
  I don't think that you can use JSSE to make outgoing SSL connections inWLS 4.5.1 because
  of the many conflicts between JSSE and the WLS SSL classes
  In versions of 5.1 (such as sp9 and up), and also 6.0 and 6.1, BEA gotrid of these
  conflicts to make the use of JSSE possible with WebLogic to do outgoingSSL.
  In 4.5.1, I believe you are out of luck.
  Joe Jerry
  Nuno Carvalho wrote:
  Hi,
  Does anyone know how to create outgoing SSL connections from a WLS 4.5.1
  using
  JSSE.
  I've implemented an application using JSSE for POSTing data to an HTTPSserver
  that requires client authentication and it worked fine. But when usedinside the
  WebLogic server it doesn't work, because the WLS SSL classes are usedinstead
  of the JSSE ones. It returns a "java.io.IOException: Alert: fatalhandshake_failure".
  If the ssl.enable property is set to false probably it will work, but Ineed it
  set to true. Does anyone a way to solve this problem?
  Thanks in advance.