Several SSL-Certificates in STRUST

Hello,
I'm not sure, if this is right place for my question, but I will try it.
On one SAP WAS 7.0 we have two BSP-Applications.
Each application uses an seperate URL, for example
shopa.test.com
shopb.test.com
Access should be realized over two SAP webdispatchers.
Both applications should run with SSL.
Is it possible to install two SSL-Certificates in the STRUST?
Installing a SSL-Certificate in STRUST is not the problem, I did several times.
What happens, if there is an existing certificate, and the server-pse will be changed to create
an new CR for the second URL.
Can anybody help me or did this before?
Thank you
Frank

Hi,
>If we want an end to end encryption, the certificates in strust are necessary.
You did not say that you wanted end to end encryption...
I don't know if what you want to do is possible.
I would experiment with virtual hosts creation at the SICF level and create 2 SSL servers entries in STRUST
Menu --> Environment --> SSL Server Identities
It adds your created entry to the main tree of STRUST and you can then create a new SSL server certificate.
Hope this helps,
Olivier

Similar Messages

  • Installing a Wildcard Certificate in STRUST

    Hi,
    I am trying to install a wildcard SSL certificate using STRUST on our ABAP system.
    If I try to import it using the "Import Cert. Response" button, I get an error message saying the certificate cannot be installed. I presume this is because my private key does not match the public key of the certificate.
    How can I get a wildcard certificate working with my ABAP system? Do I need to somehow change the private key of my system?
    Thanks in advance

    Hi Stuart,
    Please check below thread it may help in your case.
    Problem importing a certificate using Strust
    https://scn.sap.com/thread/1587251
    BR
    Atul

  • How to use an existing certificate for the ABAP SSL setup using STRUST

    Hi
    All the documentation say to Create certificate Request and subsequently import the Certificate response from a CA.
    In our case, the company has a certificate from a valid CA root and we would like to use this when creating the SSL PSE files, in particular, the SSL Server PSE.
    Should I use sapgenpse instead of strust??
    What are the steps to apply the certificate (www.company.com.au) to this instance (host.dom.internal)??????
    Thanks
    Doug

    Hi Dough,
    pls chk out this for SSL certificate
    http://help.sap.com/saphelp_nw04/helpdata/en/20/37c33ae8361838e10000000a11402f/frameset.htm
    http://help.sap.com/saphelp_nw04s/helpdata/en/20/37c33ae8361838e10000000a11402f/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/16/1bb23bdb0d0156e10000000a11402f/frameset.htm
    http://help.sap.com/saphelp_nw04s/helpdata/en/16/1bb23bdb0d0156e10000000a11402f/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/c1/96b13b6e95b72ce10000000a114084/frameset.htm
    http://help.sap.com/saphelp_nw04s/helpdata/en/c1/96b13b6e95b72ce10000000a114084/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/e1/b6b13bd0ac933ae10000000a11402f/frameset.htm
    http://help.sap.com/saphelp_nw04s/helpdata/en/e1/b6b13bd0ac933ae10000000a11402f/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/aa/a8463c6796e61ce10000000a114084/frameset.htm
    pls reward points
    Thanx
    Metha

  • How to Create SSL certificate for HTTPS Connection in SAP PI

    Hi,
              I have Proxy to HTTPS scenario. I need to provide my SSL certificate( SAP PI SSL Certificate) to the vendor.
              How to generate SAP PI SSL certificate. I have already imported vendor certificate using STRUST T-code.
             I am not sure from where to generate SAP PI SSL certificate that need to be shared with vendor.
             Please help me on this issue.
    Thanks,
    Siva

    Hi,
    Check if it helps:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/49/26af8339242583e10000000a421937/frameset.htm
    But as mentioned for the colleague above, you can create that on Visual Administrator Tool -> Keystore
    Regards,
    Caio Cagnani

  • Problem in Authenticating Clients using SSL certificates in EP 7.0

    Hi all,
    Our team is configuring client authentication using ssl certificates to Enterprise Portal 7.0. We have exhausted our search on SDN and have also brought SAP on board to resolve this issue.
    We have completed our configuration as defined in following links
    http://help.sap.com/saphelp_nw04/helpdata/en/8a/8bc061dcf64638aa695f250ce7ca78/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/content.htm
    and SAP note 583439.
    But once a client types in the portal URL a message is shown that your certificate will be mapped to your user. Although we have manually mapped our certificate to a particular user but every time it asks for user ID and password.
    So in short it dosent authenticate users on their certicates.
    Following are snaps that I have taken from my default logs.
    Latest snap.
    Date , Time , Message , Severity , Category , Location , Application , User
    02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Wrote 147 bytes in 1 records, 126 bytes net, 126 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Read 672 bytes in 1 records, 651 bytes net, 651 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Sending alert: Alert Warning: close notify , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Wrote 9523 bytes in 24 records, 9019 bytes net, 375 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Read 11234 bytes in 21 records, 10793 bytes net, 513 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Sending alert: Alert Warning: close notify , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:250 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:953 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:265 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:952 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:623 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:592 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:639 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:279 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:966 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:637 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:606 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:653 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:293 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:980 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:620 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:667 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:666 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:322 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:291 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:979 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:635 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:619 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:291 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:275 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:947 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:931 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:603 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:587 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Handshake completed, statistics: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Session added to session cache. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Received finished message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Received change_cipher_spec message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending finished message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending change_cipher_spec message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Resuming previous session... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Received v3 client_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:12:462 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:12:118 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:11:774 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:11:446 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:11:102 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:10:758 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:10:414 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:10:086 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:09:742 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:09:398 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:09:054 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:08:726 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:08:382 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:08:038 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:07:694 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:07:366 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:07:022 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:06:678 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:06:334 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:06:006 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:05:662 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:05:318 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Handshake completed, statistics: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Session added to session cache. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Received finished message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Received change_cipher_spec message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending finished message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending change_cipher_spec message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Resuming previous session... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Received v3 client_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Wrote 0 bytes in 0 records, 0 bytes net, 0 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Read 0 bytes in 0 records, 0 bytes net, 0 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Exception reading SSL message: java.io.EOFException: Connection closed by remote host. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Read 943 bytes in 3 records, wrote 861 bytes in 3 records. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Handshake completed, statistics: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Session added to session cache. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending finished message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending change_cipher_spec message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Received finished message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Received change_cipher_spec message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , Exiting method , Path ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , oid: OBJECT ID = SubjectKeyIdentifier , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , Certificate: Version: 3
    Serial number: 4123385933
    Signature algorithm: md5WithRSAEncryption (1.2.840.113549.1.1.4)
    Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US
    Valid not before: Tue Feb 20 09:17:00 EST 2007
          not after: Wed Feb 20 09:17:00 EST 2008
    Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US
    RSA public key (1024 bits):
    public exponent: 10001
    modulus: c1f13eb65d6d1f934c6504427dedfd963284979fd61e5d64ac8de1c647f85085f84e173d3bee65837aa97030ebfa6b9521e042b1244de3444e7e82a26a3542a419d6f0bbf276b71e0fb3083a5ed8353852816deec7dd9ceb5ded748ec4a52cb068af1a5e93299f882ee9cb531a60cb0e4b77372c832556e8d993a601d7214741
    Certificate Fingerprint (MD5)  : BD:B4:9E:51:A9:FA:8B:9B:40:5B:85:6E:5A:CC:B1:68
    Certificate Fingerprint (SHA-1): 4B:BB:43:8C:CC:DC:A1:92:56:40:CE:0B:8E:88:DA:28:EC:2A:46:52
    Extensions: 1
    , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): ChainVerifier: Found a trusted certificate, returning true , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Not after: Wed Feb 20 09:17:00 EST 2008 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Not before: Tue Feb 20 09:17:00 EST 2007 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Serial: f5c5e04d , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , cert [0 of 1] , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , Entering method with ([Ljava.security.cert.X509Certificate;@7bc735, iaik.security.ssl.SSLTransport@539802) , Path ,  , com.sap.engine.services.ssl.verifyChain () ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Received certificate_verify handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Received client_key_exchange handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Client sent a 1024 bit RSA certificate, chain has 1 elements. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Received certificate handshake message with client certificate. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello_done handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate_request handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate handshake message with server certificate... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): CompressionMethods supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): CipherSuites supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Creating new session 79:5C:C5:27:04:EB:FC:68... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Received v2 client hello message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:146 , ssl_debug(72): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , Error in resource clean up for a disconnected client
    java.lang.NullPointerException
         at com.sap.engine.services.httpserver.dispatcher.Processor.closeConnection(Processor.java:1684)
         at com.sap.engine.services.httpserver.dispatcher.Processor.fail(Processor.java:518)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.disposeConnection(TCPRunnableConnection.java:470)
         at com.sap.engine.core.manipulator.TCPRunnableConnection$CloseThread.run(TCPRunnableConnection.java:1031)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:525)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
         at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
    , Error ,  , com.sap.engine.services.httpserver.dispatcher ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.
    [EXCEPTION]
    java.io.EOFException: Connection closed by remote host.
         at iaik.security.ssl.Utils.a(Unknown Source)
         at iaik.security.ssl.o.b(Unknown Source)
         at iaik.security.ssl.o.c(Unknown Source)
         at iaik.security.ssl.r.f(Unknown Source)
         at iaik.security.ssl.f.c(Unknown Source)
         at iaik.security.ssl.f.a(Unknown Source)
         at iaik.security.ssl.r.d(Unknown Source)
         at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
         at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
         at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
         at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
         at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
    , Error , /System/Network , com.sap.engine.core.manipulator.TCPRunnableConnection.init() ,  ,
    02/27/2007 , 15:13:59:535 , Handshake failed
    [EXCEPTION]
    java.io.EOFException: Connection closed by remote host.
         at iaik.security.ssl.Utils.a(Unknown Source)
         at iaik.security.ssl.o.b(Unknown Source)
         at iaik.security.ssl.o.c(Unknown Source)
         at iaik.security.ssl.r.f(Unknown Source)
         at iaik.security.ssl.f.c(Unknown Source)
         at iaik.security.ssl.f.a(Unknown Source)
         at iaik.security.ssl.r.d(Unknown Source)
         at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
         at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
         at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
         at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
         at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
    , Info ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): Sending alert: Alert Fatal: handshake failure , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): IOException while handshaking: Connection closed by remote host. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello_done handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate_request handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate handshake message with server certificate... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): CompressionMethods supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): CipherSuites supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Creating new session 65:0B:55:9C:7D:29:83:F8... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Received v2 client hello message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    Regards,
    Atif Mukhtar

    Atif,
    Did you get a solution to the problem you were having? We have a similar problem.
    Thanks,
    Dave

  • Certificate problem / STRUST

    Hi everybody
    I tired to setup a HTTPs connection. Therefore I maintain a HTTP destination (Type G) under SM59. Under STRUST I imported the certificate. I expected now to be able to assign the certificate under SM59 to my HTTP connection under SSL Client Certificate. Am I right? But I cannot choose the imported certificate!?!
    If I test the connection, I get the message "Create failed: Argument not found".
    I also recognized that I perhaps do not have the SAPCryptolib. Is this needed??
    Any help is apriciated!!
    Thanks Daniel

    Hi Sunita
    Thanks for your response. We already set this. There Error before occured, because we entered the libsapcrypto.so in the wrong folder and the system could not access it. We changed it and the service is now active under ICM. We currently faceing the folowing problems:
    A test under SM59 of the HTTPS connection returned the error ICM_HTTP_CONNECTION_FAILED and the Trace file in the ICM returned for it NIECONN_REFUSED.
    On the other side we try to use a certificate in the SM59 for HTTPS connection. We imported the Certificate under STRUST under all trees : SYSTEM PSE , SMC  (SAPCryptolib), SSLServer, SSL Client (Anonymous) and SSL Client(Standard). The Question here is how can we link now the connection under SM59 to the relevant Certificate???
    Thanks in advance
    Oliver

  • Accepting runtime-specified SSL certificates in WebLogic 11g

    Hi all!
    In our application we need to call several Web Servervices based on URL's and trusted SSL certificates that are stored in database. Those certificates are self-signed but we cannot add them in the WebLogic truststore (we only want to accept them for those specific web service calls). This is 2-way SSL but our server refuses the remote certificate.
    What is the right way to do this?
    In WebLogic 10g we used to do the following:
        WlsSSLAdapter adapter = new WlsSSLAdapter();
        try {
            // setup for client certificate
            adapter.setKeystore(…);
            adapter.setClientCert(…);
            // setup for accepting the remote certificate
            adapter.setTrustManager(new TrustManager() {
                @Override
                public boolean certificateCallback(X509Certificate[] paramArrayOfX509Certificate, int paramInt) {
                    return paramArrayOfX509Certificate[0] == expectedCertificate;
        } catch (Exception e) {
            throw new RuntimeException(e);
        ((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(weblogic.wsee.jaxrpc.WLStub.SSL_ADAPTER, adapter);However in WebLogic 11g it appears that even if the <tt>TrustManager</tt> is called (which we checked by using a debugger), WebLogic refuses the certificate:
    <validationCallback: validateErr = 16>
    <  cert[0] = Serial number: 9232073310112809071929676484517784211
        Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
        Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
        Not Valid Before:Tue Nov 01 14:33:31 CET 2011
        Not Valid After:Sun Nov 02 14:33:31 CET 2031
        Signature Algorithm:MD5withRSA
        >
    <weblogic user specified trustmanager validation status 16>
    <Certificate chain received from mestoudi2 - 10.142.0.23 was not trusted causing SSL handshake failure.>
    <Validation error = 16>
    <Certificate chain is untrusted>
    <SSLTrustValidator returns: 16>
    <Trust status (16):  CERT_CHAIN_UNTRUSTED>
    <NEW ALERT with Severity: FATAL, Type: 42
        java.lang.Exception: New alert stack
          at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    …I think the first difference occurs on the line "+weblogic user specified trustmanager validation status 16+" where in WebLogic 10g the value was 0 instead of 16.
    If we check "Use JSSE SSL" in the WebLogic administration console (which switches the implementation to com.sun.net.ssl instead of com.certicom.tls), the <tt>TrustManager</tt> is not called at all.
    We also tried to configure the <tt>TrustManager</tt> by implementing a <tt>javax.net.ssl.X509TrustManager</tt> that we set on a <tt>weblogic.wsee.connection.transport.https.HttpsTransportInfo</tt> passed to the stub using
    ((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(TRANSPORT_INFO, transportInfo);But it is not called either – however it works for setting up a proxy for example. We are generating the stubs using the clientgen Ant task (<tt>weblogic.wsee.tools.anttasks.ClientGenTask</tt>).
    We are a little bit stuck, any idea of what we should do? Is the WebLogic 11g behavior a regression or is there something else we should configure to get back the old behavior?

    Hello,
    Weblogic has two keystores : identity (if you are doing 2 ways SSL) and trust. you should import your "external" certificate in the "trust" key store.
    look at your server config to know your config : Home >Summary of Servers >AdminServer-->configuration-->keystore
    I suggest that you change the default configuration (not using the demo one),
    then when you know where is yo key store use the command line to add your certificate to trusted store (this is a example) :
    opt/weblogic10_3_3/jdk160_18/jre/bin/keytool -import -noprompt -trustcacerts -alias BLCCertificateAuthority -file cacert2035.pem -keystore /opt/weblogic10_3_3/jdk160_18/jre/lib/security/cacerts
    once your certificated is added to your trust store it should work.
    I hope it will help.

  • Expert advice needed: Why could I not connect to my own server after deletion of SSL certificate?

    Issue: Could not connect to my own server after deletion of SSL certificate despite having SSL disabled
    Hello,
    I admit I am lay user with rudimentary SSL knowledge and I therefore messed up my certificates and I could no longer access my own server (Wikis, WebDav, Device Manager) with Safari. (error: Safari can't connect to server)
    Eventually, I could resolve the problem but I do not understand why there was problem in the first place.
    Maybe someone can explain that to me ?
    OK, here is what I did:
    I created a Certificate Authority because I wanted to use a free SSL Server certificate for our private server.
    (I followed  http://www.techrepublic.com/blog/mac/create-your-own-ssl-ca-with-the-os-x-keycha in/388 )
    Despite several attempts I never got the server to accept the certificate for web services, the certificate was accepted for iCal, Mail and iChat but not for Web services. I tested an older certificate that was created when I set up the server and that that worked for all services incl. Web. So the problem was with my certificate only.
    Out of desperation and lack of concentration I deleted the "original" certificate.
    Now, I soon noticed that I could no longer log in to my server. I solved the problem by restoring the original certificate.
    My question:
    I had SSL disabled in the Server app settings. Why does Safari still look for a proper certicate ? (the server logfile had an entry that a .pem file could not be found which makes sense if the cert has been deleted)
    I would be very grateful for an expert advice.
    Regards,
    Twistan

    Because....
    the server does not have a 'trusted' certificate assigned to it.
    Only the RDP Gateway has the trusted certificate for the external name.
    If you want to remove that error, you have to do one of the following:
    Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
    So, something like,
    server.domain.publicdomain.com
    Or,
    Install that certificate on your remote computer so it is trusted.
    Robert Pearman SBS MVP
    itauthority.co.uk |
    Title(Required)
    Facebook |
    Twitter |
    Linked in |
    Google+

  • Can't find SSL certificate in SQL server configuration manager?

    Hi 
    It's been 2 days and I need a help. I have visited a number of sites and I still can't make it work
    Two severs I have: Windows 2012 Standard with SQL 2008 R2 and SQL 2012 
    I am trying to set it up on SQL 2008 R2 right now. 
    I have a certificate from a CA and did the followings.
    1. Open MMC
    2. Add Certificates Snap-in as a computer account (In fact, I tried all the three accounts)
    3. Right click-on Personal folder and All taks and Import 
    4. Installed the certificate with Certificate import Wizard
    5. The certificate shows up under Personal/Certificates and Trusted Root Certification Authorities/Certificates
    I did this with a local administrator account as well as MSSQL account(SQL Server service account I created). Even though the server is part of domain, SQL server is set up with local accounts. 
    This is a simply summary. I tried everything in the article such as 'Create Custom Request'. 
    I am not sure what I am missing. Why can't I see the certificate in SQL Server configuration manager? 
    I even made MSSQL (service account) as administrator. Not working.  
    as I am not using the domain service account, I believe below is not relevant. 
    Missing detail on "Install a certificate in the Windows certificate store..."
    When following recommended security procedures and running SQL server under a domain service account, the service will fail to start after assigning a certificate to the protocols.  This is because the service account does not have permissions to read
    the private key.  Fix this in the Certificates MMC snap-in (preferably right after installing the certificate.)  Select the certificate you just imported, then in the Action menu select "Manage private keys."  Grant the domain service
    account read access to the private key of the server certificate.
    Below is the few of reference I looked at.. 
    https://support.microsoft.com/en-us/kb/316898/
    https://msdn.microsoft.com/en-us/library/ms191192(d=printer).aspx
    https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
    http://www.mssqltips.com/sqlservertip/3299/how-to-configure-ssl-encryption-in-sql-
    http://blogs.msdn.com/b/sqlserverfaq/archive/2010/05/28/inf-permissions-required-for-sql-server-service-account-to-use-ssl-certificate.aspx

    Hi Dinesh 
    Thanks for the reply. 
    I did looked into the both sites as well. but it did not work. 
    Below is the step to install SQLs server certificate. and I was stuck with Step 9. when click 'next' in the wizard, I am not getting into a place to select 'computer' as certificate type. 
    Do you know what is wrong please? 
    Open the Microsoft Management Console (MMC): click Start, then click Run and in the Run dialog box type: MMC
    On the File menu, click Add/Remove Snap-in...
    Select Certificates, click Add.
    You are prompted to open the snap-in for your user account, the service account, or the computer account. Select the Computer Account.
    Select Local computer, and then click Finish.
    Click OK in the Add/Remove Snap-in dialog box.
    Click to select the Personal folder in the left-hand pane.
    Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate...
    Click Next in the Certificate Request Wizard dialog box. Select certificate type 'Computer'.
    You can enter a friendly name in text box if you want or leave it blank, then complete the wizard.
    Now you should see the certificate in the folder with the fully qualified computer domain name

  • Minimum ssl certificate type

    We run webaccess and currently self-sign. This of course
    results in a warning for our users (employees). I am
    looking at getting an ssl certificate but don't know which
    type is needed. Seems like most certificate authorities
    have a quickie ssl which requires very little verification
    and a standard ssl which requires more information. I don't
    need an EV certificate.
    So, can I get by with the cheapest certificate to avoid the
    warning message??
    Chris

    It really depends on what Windows and/or the browser recognizes as a trusted CA. We use Trustwave certs for our WA SSL. Windows and IE trusts them, though Firefox doesn't seem to. However, at least Firefox can always trust it, unlike Win/IE.
    We used Verisign initially, and they were around $2k for a 3-year cert. Trustwave was about $200 for the same. So we switched and haven't looked back. We also have several other webapps that use Trustwave certs.
    HTH,
    Aaron

  • SSL certificates not visible while RFC destination creation

    Hi all,
    I am setting up an RFC destination to connect to external server and which uses SSL certificates for its authorization.
    So i have imported the Client certificates into STRUST.
    While setting up an RFC connection of type G, in the security tab when we select the SSL security certificate radio button, will we be able to see the certificates(in the combo box) that we have imported in STRUST.
    Currently, though i have imported the Client certificates into STRUST, i am not able to see them in the SS security certificates combo box.
    Kindly help me out.
    Cheers,
    Siva Maranani.

    Well, first of all we should avoid confusion by using the term "<i>ABAP destination</i>" rather than "<i>RFC destination</i>" (although ABAP transaction SM59 still has this old title).
    When referring to an "ABAP destination of type G" we are talking of an outbound http connection to a non-ABAP server (e.g. an SAP J2EE server or any other http server).
    I'm not sure whether you are aware that in this context "<i>SSL client certificate</i>" refers to the ABAP <u>system</u> (which is the SSL client in this scenario). This is different from scenarios where "X.509 client certificate" refers to a certificate which is assigned to an individual <u>user</u> (using a web browser). <b>In the given scenarios, where two systems are the communication peers, SSL cannot be used for user authentication.</b> That fact is often misunderstood.
    By default you'll find 3 different SSL certificates (actually: PSEs) in an ABAP system (which can be used only after enabling SSL, of course - see note 510007 for instructions):
      - SSL Server
      - SSL Client (anonymous)
      - SSL Client (Default)
    Well, the "<i>SSL Client (anonymous)</i>" is actually not really a "client certificate" but used for outgoing http requests where you do not intend to send your own SSL client certificate. Since you cannot use the server's SSL client certificates for user authentication it might make sense to use "<i>SSL Client (anonymous)</i>" is most cases.
    Please notice: you have to add the server's SSL certificate (respectively the root CA certificate and potentially intermediate CA certificates) to the certificate list of the "<i>SSL Client (anonymous)</i>" PSE (using STRUST). By default, that list is empty - consequently no SSL server certificate is trusted (in contrast to a web browser which is already shipped with a long list of "trusted CAs").
    Only when the (remote) server demands SSL client certificates it might make sense to use either "<i>SSL Client (Default)</i>" or to define a new SSL client certificate (for the ABAP system that submits the https request).
    Please notice:
    SSL client certificates need to be issued by an Certification Authority (CA) in order to be accepted by the SSL server.
    In addition to importing the SSL server's certificate to the certificate list of the SSL client PSE (see above: <i>anonymous SSL client</i>) you also need to export the root CA certificate (and potentially all intermediate CA certificates) of the SSL client certificate and import it to the (remote) SSL server's keystore (kindly refer to the manuals of that server for instructions).
    Kind regards, Wolfgang
    PS: I assume that you have imported some certificates to the certificate list of a SSL client PSE. In SM59 only those SSL client PSEs are listed: "<i>SSL Client (anonymous)</i>", "<i>SSL Client (Default)</i>" and all SSL client PSEs that you might have defined in addition (using transaction STRUST => <i>Environment</i> => <i>SSL Client Identities</i>).

  • Changing SSL certificate for ICM

    Hello,
    I'd like to change SSL certificate for ICM service. I've change it in STRUST, but when I run web browser, server sends old one. IT is very odd, that ICM still works after deleteing all "SSL Server" certificates in STRUST. I tried to restart whole SAP system, but it did not help.
    Is there any possibility to change working certificate? What should I do to make such change?

    > I often use transaction SMICM -> Administration -> ICM -> Exit soft to restart only the ICM without interrupting the whole SAP system.
    > You should increase the ICM trace level, restart it and look at the trace file to try to find out what's wrong.
    OK, ICM runs properly now. I have no idea why, as I did not change anything. Maybe "soft restart" invoked few times helped.
    > Of course. In my company we use our own internal CA for intranet use and Verisign for internet use.
    > (for internet use the certificate in on the reverse proxy in the DMZ).
    Here I've got another problem.
    I've started with something simple. STRUST->SSL server->Create Certificate Request. My CA has signed this request. Now, when I'm trying to install signed certificate, I got an error "Cannot import certificate response".
    As my CA is not signed by any well known CA e.g. VeriSign), I've added my CAs certificate to SAP database (as root CA and server CA), butit did not help.
    In SSL server, I've got "(self signed)" below "own certif." field and I cannot change it
    If it's not a big problem, could you write down, what should I do to install external SSL certificate signed by not well-known CA.
    Many thanks for your help,
    regards,
    Konrad

  • HTTPS SSL Certificate Signed using Weak Hashing Algorithm

    I am support one client for,  whom falls under Security  scans mandatory for new implementation of ASA 5520 device .  The client uses Nessus Scan and  the test results are attached
    The Nessus scanner hit on 1 Medium vulnerabilities, Could you pls review the statement and provide work around for the same.
    Nessus Scanner reports
    Medium Severity Vulnerability
    Port : https (443/tcp)
    Issue:
    SSL Certificate Signed using Weak Hashing  Algorithm
    Synopsis :
    The SSL certificate has been signed using  a weak hash algorithm.
    Description :
    The remote service uses an  SSL certificate that has been signed using
    a cryptographically weak hashing  algorithm - MD2, MD4, or MD5. These
    signature algorithms are known to be  vulnerable to collision attacks.
    In theory, a determined attacker may be  able to leverage this weakness
    to generate another certificate with the same  digital signature, which
    could allow him to masquerade as the affected  service.
    See also :
    http://tools.ietf.org/html/rfc3279
    http://www.phreedom.org/research/rogue-ca/
    http://www.microsoft.com/technet/security/advisory/961509.mspx
    http://www.kb.cert.org/vuls/id/836068
    Solution :
    Contact the Certificate Authority to have the certificate  reissued.
    Plugin Output :
    Here is the service's SSL certificate  :
    Subject Name:
    Common Name: xxxxxxxxxx
    Issuer Name:
    Common Name: xxxxxxxxxx
    Serial Number: D8 2E 56 4E
    Version: 3
    Signature Algorithm: MD5 With RSA  Encryption
    Not Valid Before: Aug 25 11:15:36 2011 GMT
    Not Valid After:  Aug 22 11:15:36 2021 GMT
    Public Key Info:
    Algorithm: RSA  Encryption
    Public Key: 00 AA AB 57 9C 74 FF E9 FB 68 E1 BF 69 90 8E D2 65 7F  DF 40
    D6 F6 29 E7 35 5E 16 FB 76 AA 03 3F 47 07 5A D0 6D 07 E0 EC
    06 7E  D4 9A 43 C6 B3 A6 93 B7 76 CC 58 31 25 36 98 04 30 E6
    77 56 D7 C3 EE EF 7A  79 21 5E A0 78 9B F6 1B C5 E6 2A 10 B5
    CB 90 3D 6D 7C A0 8D B1 B8 76 61 7F  E2 D1 00 45 E2 A1 C7 9F
    57 00 37 60 27 E1 56 2A 83 F5 0E 48 36 CC 61 85 59  54 0C CB
    78 82 FB 50 17 CB 7D CD 15
    Exponent: 01 00 01
    Signature: 00 24 51 24 25 47 62 30 73 95 37 C4 71 7E BD E4 95 68 76 35
    2E AF 2B 4A 23 EE 15 AF E9 09 93 3F 02 BB F8 45 00 A1 12 A9
    F7 5A 0C E8  4D DB AE 92 70 E4 4C 24 10 58 6B A9 87 E1 F0 12
    AE 12 18 E8 AB DF B9 02 F7  DA BE 3C 45 02 C4 1E 81 44 C2 74
    25 A2 81 E7 D6 38 ED B9 66 4C 4A 17 AC E3  05 1A 01 14 88 23
    E8 9F 3B 5C C5 B8 13 97 27 17 C3 02 5F 6E 7C DB 4C D3 65  B5
    C5 FC 94 62 59 04 E7 7E FB
    CVE :
    CVE-2004-2761
    BID :
    BID 11849
    BID  33065
    Other References :
    OSVDB:45106
    OSVDB:45108
    OSVDB:45127
    CWE:310
    Nessus Plugin ID  :
    35291
    VulnDB ID:
    69469
    and try with configure the ssl encryption method with " ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 rc4-md5" but it throws the same issue.
    Here is ASA log
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725007: SSL session with client production:xxxxxxxx/2586 terminated.
    6|Oct 19 2011 01:59:34|302014: Teardown TCP connection 3201 for production:xxxxxxx/2586 to identity:xxxxxx/443 duration 0:00:00 bytes 758 TCP Reset-I
    6|Oct 19 2011 01:59:34|302013: Built inbound TCP connection 3202 for production:xxxxxxxxxxx/2587 (xxxxxxxxx/2587) to identity:xxxxxx/443 (xxxxxxx/443)
    6|Oct 19 2011 01:59:34|725001: Starting SSL handshake with client production:xxxxxxxxxxx/2587 for TLSv1 session.
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxxxx/2587
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2587
    H

    Hi Ramkumar,
    The report is complaining that the Certificate Authority who signed the ID certificate presented by the ASA used a weak hashing algorithm. First, you need to determine who signed the certificate.
    If the certificate is self-signed by the ASA, you can generate a new certificate and use SHA1 as the hashing algorithm. To do this, the ASA needs to be running a software version that is at least 8.2(4) (8.3 and 8.4 software also support SHA1).
    If the certificate is signed by an external CA, you need to contact them and ask them to sign a new certificate for you using SHA instead of MD5.
    The links you posted have more information on this as well. Hope that helps.
    -Mike

  • Installing SSL certificate Windows Server 2012R2 RDSH servers

    Hello,
    I'm currently in the final fase of installing an functional Remote Desktop (Windows Server 2012R2) environment. The only problem i have, which i try to complete several days now without any luck, is the installation of our WildCard SSL certificate on de
    Remote Desktop Session Host servers (farm).
    We have 1 gateway server which is also the connection broker. On this server i have installed (using the Deployment Properties of the Session Collection) the certificate on all available levels. But still, when i try to connect to our Remote Desktop Servers
    i get the automatically created certificate from the Remote Desktop Session Host servers. The certificate works for all the other functions (gateway etc.)
    The servers are joined to the domain, and the wildcard certificate = *.zon-ict.nl.
    Below the screenshot of the deployment settings.
    Can someone point me in the right direction for installing the certificate on the RDSH servers?

    Hi,
    Thank you for posting in Windows Server Forum.
    Basic requirements for Remote Desktop certificates:
    1. The certificate is installed into computer’s “Personal” certificate store. 
    2. The certificate has a corresponding private key. 
    3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
    Please follow beneath article for details.
    Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
    http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Office Web Apps Server SSL Certificate

    Hi
    I am deploying Office Web App Server for Integration with Lync 2013. I opted for secure communication with SSL Certificate. I want this server available to internal and external users.
    I am little confused over CA for Issuance of SSL Certificate. On most of the forums, I found SSL Certificate to be issued by Internal CA. If so, will this also work for external users?
    If not, then plz guide me for Generating Certificate Request on Office Web App Server to be submitted to External CA for Issuance of Certificate.
    Regards.

    Hi,
    Thanks for your posting in this forum.
    I have moved this thread in Lync Server 2013-Management, Planning, and Deployment forum for more dedicated support.
    Thanks for your understanding.
    Best Regards,
    Wendy
    Wendy Li
    TechNet Community Support

Maybe you are looking for

  • My Bill is not prorated

    A month and a half ago, I decided that I did not want to be a customer of Verizon anymore. I decided to port my number to AT&T, since it was in the middle of the month I wanted to make sure that I would not be charged for the rest of the month. Since

  • Side B PGs Not Active

    Hi all, we have a customer with UCCE 8.0.2, we are facing an issue that at Side-B Router Ccagnet process it shows "inservice" status but doesn't show any PG out of 3 configured and when we check the CCM PG and VRUPG  status it shows "Not Active". Eve

  • Issue with and characters in the xsl

    We are using SOA process to invoke a third party web service, which basically takes input payload and pass that to other service as a string by keeping that in CDATA. Third-party web service is giving an error if we pass < and > instead of < and > sy

  • 1099 reporting in ECC 6

    We recently upgraded from ECC 5 to ECC6.  I've noticed that there are some minor changes to the 1099 reporting program (RFIDYYWT).  I've looked for some documentation explaining the differences but have not had any luck.  Does anyone know where there

  • Scope structured activity in JDeveloper/BPEL Process

    well, I am quite using Jdeveloper for createing BPEL process with scope activity and without. Now under what conditions ideally one should go for scope activity ? Is it similar to methods in Java ? and variables we declare inside this scope are visib