Sievefilter over SSL (port 443)

Does anybody know how I can get sievefilter to work if I use SSL? I have installed the sievefilter function and it works fine over http, but the server will not display the sievefilters when I'm using https. Why?

Sieve filters settings work through iDA, not webmail. You have to turn ssl on for that web server, too.

Similar Messages

  • Error with default SSL port (443) on Solaris

    Hi all
    I would like to config default SSL port 443 on Solaris but I found this error. What is the problem?
    I use WebLogic 8.1 sp3
    SSL port : 443
    Unable to create a server socket on Channel Default for port: 443. java.net.BindException: Permission denied Perhaps another process is using port 443
    I'm not sure about the permissions. What can I do?

    Oh, I can start WebLogic as root and then I can use port 443, but when I use other users I can't use port 443.

  • Custom sig: Non-SSL over SSL port

    I am trying to build a custom signature for detecting non-SSL traffic on a specific SSL port (let's say tcp/443). This has to do with CONNECT tunnels through an HTTP proxy. Conceptually, it's not a complicated idea. Whether or not it can technically be done effectively with the Cisco IPS I don't know.
    It seems that very early in every SSL connection, there is an SSL "client hello" message (SYN, SYN/ACK, ACK, CLIENT HELLO). There are two relevant record formats, SSLv2 and SSLv2/TLS. I would like to create a signature that fires when it DOES NOT see the client hello message very early in a given TCP session. I would want the signature to only need to check the very first n packets of any given TCP session (n = max size of connection establishment + max size of client hello packet). Has anyone created such a beast, or is anyone willing to help? Here are a couple packets.

    Hi mhellman:
    I can see 3 difficulties with this kind of signature.
    1) To determine the order of the packets.
    2) To determine that it happens at the very beginning of the connection.
    3) To fire when the traffic doesn't match the signature.
    Difficulty number 3, I think, is impossible to resolve because the sensor can compare the traffic with a well-defined pattern and fire when it matches, but not when it doesn't.
    Difficulty number 2:
    You need a kind of state signature because this can be classified as a state machine (first the three-way handshake, then the hello packet), but I can't see fields in the state engine that help in this case.
    Difficulty number 1 could be resolved by a Meta signature.
    You will need to create a custom atomic signature for the SYN packet, another for the SYN/ACK, another for the ACK, and the last one for the hello packet.
    Then create a meta signature and add the four atomic signatures with a strict order.
    But guess what...
    Meta signature doesn't permit custom signatures.
    I think this kind of signature is impossible to write.
    But I'd try.
    Regards
    Alberto Giorgi from Spain.
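
The check discussed in this thread (alert when a session on an SSL port does not open with a client hello) can be prototyped outside the IPS, as an added example that is not part of the original posts and is not a Cisco IPS signature. It assumes the caller feeds client-to-server TCP payloads per flow in sequence order; the flow names and sample bytes are constructed.

```python
"""Decide whether a TCP session on an SSL port opens with a ClientHello."""

TLS_HANDSHAKE = 0x16   # SSLv3/TLS record content type "handshake"
CLIENT_HELLO = 0x01    # message type used by both record formats
NEED = 6               # prefix length that settles either format


def classify(prefix: bytes) -> str:
    """Return 'tls', 'sslv2', 'not-ssl' or 'need-more' for client bytes."""
    b = prefix
    if len(b) < NEED:
        # A first byte that fits neither record format settles it early.
        if b and b[0] != TLS_HANDSHAKE and not (b[0] & 0x80):
            return "not-ssl"
        return "need-more"
    # SSLv3/TLS: type(1) version(2) length(2), then handshake type(1).
    if b[0] == TLS_HANDSHAKE:
        rec_len = int.from_bytes(b[3:5], "big")
        ok = b[1] == 0x03 and b[2] <= 0x04 and 4 <= rec_len <= 16384
        return "tls" if ok and b[5] == CLIENT_HELLO else "not-ssl"
    # SSLv2: 2-byte length with the high bit set, msg type(1), version(2).
    if b[0] & 0x80:
        rec_len = ((b[0] & 0x7F) << 8) | b[1]
        version_ok = (b[3], b[4]) == (0x00, 0x02) or (b[3] == 0x03 and b[4] <= 0x04)
        ok = rec_len >= 9 and b[2] == CLIENT_HELLO and version_ok
        return "sslv2" if ok else "not-ssl"
    return "not-ssl"


class FirstBytesMonitor:
    """Track only the first few client payload segments of each flow."""

    def __init__(self, max_segments: int = 3):
        self.max_segments = max_segments
        self._pending = {}    # flow -> (buffered bytes, segments seen)
        self.verdicts = {}    # flow -> final verdict

    def feed(self, flow, payload: bytes):
        """Return the verdict once known, or None while still undecided."""
        if flow in self.verdicts:
            return self.verdicts[flow]
        if not payload:               # bare ACK of the handshake, no data
            return None
        buf, seen = self._pending.get(flow, (b"", 0))
        buf, seen = buf + payload, seen + 1
        verdict = classify(buf[:NEED])
        if verdict == "need-more":
            if seen < self.max_segments:
                self._pending[flow] = (buf, seen)
                return None
            verdict = "not-ssl"       # no hello within the allowed window
        self._pending.pop(flow, None)
        self.verdicts[flow] = verdict
        return verdict


def demo():
    """Run constructed sessions through the monitor; 'not-ssl' is the alert."""
    mon = FirstBytesMonitor()
    sessions = {
        "tls-split": [b"", b"\x16\x03", b"\x01\x00\x69\x01\x00\x00\x65"],
        "sslv2": [bytes.fromhex("802b0100020012000000")],
        "ssh-in-tunnel": [b"SSH-2.0-example\r\n"],
        "stalled": [b"\x16", b"\x03", b"\x01"],
    }
    for flow, segments in sessions.items():
        for seg in segments:
            mon.feed(flow, seg)
    return mon.verdicts


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:14} {verdict}")
```

Because the verdict is computed per flow from its first bytes, firing on absence reduces to alerting on a `not-ssl` verdict.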

  • How do i temporarily disable TLS/SSL port 443 going to server on CSS

    We are having issues with truncating packets that go through the CSS.
    I did a capture after the CSS and there is truncation... however I can't read it before the CSS since everything is encrypted.
    They hit VIP address 172.20.120.16 on the CSS and get redirected to 2 servers depending on what the URL says.
    The server team would like to turn it off just to test. I tried removing
    "add service ARR-public-ssl" from the content below and we lost http and https to the server,
    so in essence I want to try and turn the 443 connection to a port 80, then it goes to port 7777 backend to 172.20.212.6
    content BYE-WEB-SSL
       vip address 172.20.120.16
       protocol tcp
       port 443
       advanced-balance ssl
       application ssl
       add service ARR-public-ssl
       active
    ssl-server 40
    ssl-server 40 rsacert byetest
    ssl-server 40 vip address 172.20.120.16
    ssl-server 40 cipher rsa-with-rc4-128-sha 172.20.120.17 80
    ssl-server 40 cipher rsa-with-rc4-128-md5 172.20.120.17 80
    ssl-server 40 urlrewrite 1 *
    ssl-server 40 cipher rsa-with-3des-ede-cbc-sha 172.20.120.17 80
    ssl-server 40 rsakey byekey
    backend-server 50
    backend-server 50 type initiation
    backend-server 50 server-ip 69.xxx.xxx.xxx
    backend-server 50 ip address 69.xxx.181.xxx
    backend-server 50 rsacert byetest
    backend-server 50 rsakey byekey
    active
    !************************** SERVICE **************************
    service TIE-SSLINIT
      protocol tcp
      ip address 69.xxx.xxx.xxx
      keepalive type tcp
      keepalive port 443
      slot 2
      type ssl-init
      add ssl-proxy-list HR-SSL
      active
    owner PublicBYE
      content BYE-WEB-ARRR
        vip address 172.20.120.17
        protocol tcp
        port 80
        url "/arr*"
        advanced-balance arrowpoint-cookie
        balance aca
        arpt-lct http-100-reinsert
        add service BYE-ods-web1
        active
      content BY-WEB-TIX
        protocol tcp
        port 80
        url "/tix*"
        advanced-balance arrowpoint-cookie
        balance aca
        arpt-lct http-100-reinsert
        add service BYE-ods-web2
        vip address 172.20.120.17
        active
      content BYE-WEB-TIX-CLEARTEXT
        add service TIX-SSLINIT
        vip address 172.20.120.19
        protocol tcp
        port 80
        active
    content BYE-WEB-Nav
      vip address 172.20.120.17
      protocol tcp
      port 80
      url "/na*"
      balance aca
      arpt-lct http-100-reinsert
      add service BYE-ods-web1
      active
    content BYE-WEB-SSL
      vip address 172.20.120.16
      protocol tcp
      port 443
      advanced-balance ssl
      application ssl
      add service ARR-public-ssl
      active
    service BYE-ds-web1-ssl
      ip address 172.20.212.5
      port 443
      keepalive type ssl
      active
    service BYE-ds-web2
      ip address 172.20.212.6
      port 7777
      keepalive port 7777
      keepalive type tcp
      active
    service BYE-ds-web2
      ip address 172.20.212.6
      port 7777
      keepalive port 7777
      keepalive type tcp
      active
    service BYEos-web2-ssl
      ip address 172.20.212.6
      port 443
      keepalive type ssl
      active

    CSS11506# sh ver
    Version:               sg0810205 (08.10.2.05)
    Flash (Locked):        08.10.1.06
    Flash (Operational):   08.10.2.05
    Type:                  PRIMARY
    Licensed Cmd Set(s):   Standard Feature Set
                           Secure Management
    Yeah, I've done a packet trace before it hits the CSS and after... the only issue is that everything is encrypted before it hits the LB so I can't really read anything. I did a packet trace after the LB and on the server itself, and it seems we get this.
    I thought I saw some bug info from Cisco but I can't tell if it's related.
    CSCsx05640—When you configure the CSS for a Layer 5 (L5) content rule and it receives an HTTP method POST with the HTTP header in one packet that is quickly followed by many packets of POST data or payload, it could fail to deliver all the data to the back-end server. The CSS Flow Manager (FM) application could incorrectly handle the POST and the data packet as a spanned content request and could cause the data to be mishandled. Workaround: Use less than 1-Gb connections in the network; a 100-Mb link does not exhibit this issue.
    As you can see, after the Content-Length... nothing comes across. Sometimes additional stuff will come in, but usually nothing.
    Is there a bug related to this on the CSS?
    POST /TIXX/DocumentRepository_Service HTTP/1.1
    Accept-Encoding: gzip,deflate
    Content-Type: application/soap+xml;charset=UTF-8;action="urn:ihe:iti:2007:ProvideAndRegisterDocumentSet-b"
    User-Agent: Jakarta Commons-HttpClient/3.1
    Host: www.xxxxxxxxxxxx.net
    Content-Length: 9044

  • NRM over SSL (port 8009) doesn't respond

    Netware 6 Sp5 box + post patches. This is an old box that I'm trying to migrate over to a VM by enabling iSCSI and setting that up. I've done this with 6.5x without issue. Anyway, NRM will respond and function over http on port 8008 without issue. However, if I click the "iSCSI Services" link at the bottom, it throws an Unauthorized Access Denied error. After doing some digging online, someone said to try logging into NRM via SSL (port 8009) and it worked for him. Well, I'm unable to do that. When I try to access NRM over https/8009 the browser just spins and spins. I checked TCPCON and it appears that it's listening on port 8009. I telnet'd to port 8009 and it doesn't deny me, but nothing comes up. I've done PKIDiags, httpstk /reset and re-loaded with /ssl /keyfile:"SSL CertificateIP" with no change. No errors with certificates that I can find.
    Kind of out of ideas. Anyone out there still familiar with this? :)

    Originally Posted by AndersG
    Try unload httpstk, then load it
    http://www.novell.com/rms
    Have done that at least 100 times :) with /reset, etc. Actually just figured out it works with Firefox, but not IE or Chrome.

  • OIM 9102 , AD Password Sync 91x, JBoss 423GA - issue over SSL port.

    Followed the steps described in "Deploying the connector"
    http://download.oracle.com/docs/cd/E11223_01/doc.910/e11218/install_config.htm#insertedID0
    section
    Pre-Installation both SSL and non-SSL work for SPML verification.
    For JBoss Application Server:
    http://IP ADDRESS:8080/spmlws/services/HttpSoap11
    https://IP ADDRESS:8443/spmlws/services/HttpSoap11
    Post Installation - configured SSL.
    On AD machine logs following error message is displayed:
    MAX_RETRY LIMIT count is not updated: OIM is down
    Following meta-link ID 1073889.1
    https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=1073889.1
    explains to verify 'oimhost and oimport' - oimhost is machine ip address ( AD machine is able to ping OIM machine through ip address and machine name )
    oimport is 8443
    Any suggestions?
    Or has anyone previously successfully deployed password sync over SSL for OIM 9102 and AD Password sync 91x?
    I found a similar thread in the OTN forum where a user had issues over SSL.

    Did anyone resolve this issue? I have the same running SSL Password Sync on OAS 10.1.3.4 and OIM 9.1.0.2 BP09a with AD 2003.
    Debug [7/8/2010 6:35:45 AM] oimport is
    Debug [7/8/2010 6:35:45 AM] 4443
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimsslclient is
    Debug [7/8/2010 6:35:45 AM] nw-dc-01.nwocaland.nwoca.org
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimuserattr is
    Debug [7/8/2010 6:35:45 AM] USR_UDF_SAM_ACCTNAME
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimusessl is
    Debug [7/8/2010 6:35:45 AM] Y
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimappservertype is
    Debug [7/8/2010 6:35:45 AM] 2
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::getConfigParamters
    Debug [7/8/2010 6:35:45 AM] Inside sgsloidi::setParameters
    Debug [7/8/2010 6:35:45 AM] The SOAP start element is
    Debug [7/8/2010 6:35:45 AM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
    Debug [7/8/2010 6:35:45 AM] The SOAP end element is
    Debug [7/8/2010 6:35:45 AM] </SPMLv2Document>
    Debug [7/8/2010 6:35:45 AM] The path is
    Debug [7/8/2010 6:35:45 AM] /spmlws/HttpSoap11
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::setParameters

  • How to set up iPhone 5 iOS 6 email with IMAP over SSL on a custom port?

    Basically I have the same problem as this guy 5 years ago but the thread contained no useful answer. Maybe there are people out there who became smarter in the meantime? Please help me out how to get my iPhone read emails via IMAP over SSL on a custom port to the corporate server. The issue is that the iPhone only seems to work if you use the standard 993 port for IMAPS, not with a custom port as we have. I've installed the corporate root certificate in a profile, and it shows up as trusted and verified in the phone, so that should not be the issue. The mail app in the iPhone tries to connect, I can verify that from the server, but then does nothing, doesn't try to authenticate, doesn't log out, nothing is going on, and then drops the connection after 60 seconds. Repeats this every 5 minutes (as set to fetch e-mail every 5 minutes.)
    Original thread 5 years ago: https://discussions.apple.com/message/8104869#8104869

    Solved it by some (a lot) of fiddling.
    Turns out it's not a bug in the iPhone, it's a feature.
    Here's how to make it work.
    DOVECOT
    If the IMAPS port is anything other than 933 (the traditional IMAPS port) the iPhone's Mail App takes the "Use SSL" setting on the IMAP server as 'TLS', meaning it starts the communication in plain text and then issues (tries to issue) the STARTTLS command to switch the connection to encrypted. If, however, Dovecot is set up to start right away in encrypted mode, the two cannot talk to each other. For whatever reason neither the server nor the client realizes the connection is broken and only a timeout ends their misery.
    More explanation about SSL/TLS in the Dovecot wiki: http://wiki2.dovecot.org/SSL
    So to make this work, you have to set Dovecot the following way. (Fyi, I run Dovecot 2.0.19, versions 1.* have a somewhat different config parameters list.)
    1. In the /etc/dovecot/conf.d/10-master.conf file make sure you specify the inet_listener imap and disable (set its port to 0) for imaps like this:
    service imap-login {
      inet_listener imap {
        port = --your port # here--
      }
      inet_listener imaps {
        port = 0
        ssl = yes
      }
    }
    This of course enables unencrypted imap for all hackers of the universe so you quickly need to also do the things below.
    2. In the /etc/dovecot/conf.d/10-ssl.conf file, make sure you set (uncomment) the following:
    ssl = required
    This sets Dovecot to only serve content to the client after a STARTTLS command was issued and the connection is already encrypted.
    3. In /etc/dovecot/conf.d/10-auth.conf set
    disable_plaintext_auth = yes
    This prevents plain text password authentication before encryption (TLS) is turned on. If you have also set ssl=required as per step 2, that will prevent all other kinds of authentications too on an unencrypted connection.
    When debugging this, please note that if you connect from localhost (the same machine the server runs on) disable_plaintext_auth=yes has no effect, as localhost is considered secure. You have to connect from a remote machine to make sure plain text authentication is disabled.
    Don't forget service dovecot restart.
    To test if your setup works as it's supposed to, issue the following (green) from a remote machine (not localhost) (I'm using Ubuntu, but telnet and openssl is available for almost all platforms) and make sure Dovecot responds with something like below (purple):
    telnet your.host.name.here yourimapsportnumber
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
    Most importantly, make sure you see 'STARTTLS' and 'LOGINDISABLED'. Then issue STARTTLS and hopefully you see something like this:
    a STARTTLS
    a OK Begin TLS negotiation now.
    (The 'a' in front of STARTTLS is not a typo, a prefix is required by the IMAP server in front of all commands.)
    Close the telnet (with 'a logout' or Ctrl+C) and you can use openssl to further investigate as you would otherwise; at the end of a lot of output including the certificate chain you should see a line similar to the one below:
    openssl s_client -starttls imap -connect your.domain.name.here:yourimapsportnumber
    . OK Pre-login capabilities listed, post-login capabilities have more.
    You can then use the capability command to look for what authentication methods are available, if you see AUTH=PLAIN, you can then issue a login command (it's already under an encrypted connection), and if it's successful ("a OK Logged in"), then most likely your iPhone will be able to connect to Dovecot as well.
    a capability
    * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
    a login username password
    * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
    a OK Logged in
    POSTFIX
    Likewise, you have to set Postfix to wait for STARTTLS before encrypting the communication.
    1. You have to delete the setting smtpd_tls_wrappermode=yes from /etc/postfix/master.cf and/or /etc/postfix/main.cf, if it was enabled. This will mean Outlook won't be able to connect any more because it requires a TLS connection without issuing STARTTLS as per Postfix documentation (haven't tested.) In my case we don't use Outlook so I didn't care. Outlook + iPhone + custom SMTPS port are simply not possible together at the same time as far as I understand. Pick one to sacrifice.
    2. Require encrypted (TLS) mode for any data transfer in /etc/postfix/main.cf:
    smtpd_tls_security_level = encrypt
    3. Authentication should only happen while already in encrypted (TLS) mode, so set in /etc/postfix/main.cf:
    smtpd_tls_auth_only = yes
    Don't forget postfix reload.
    To test if this works, issue the following telnet and wait for the server's greeting:
    telnet your.host.name.here yoursmtpsportnumber
    220 your.host.name ESMTP Postfix (Ubuntu)
    Then type in the EHLO and make sure the list of options contains STARTTLS and does not include an AUTH line (that would mean unencrypted authentication is available):
    ehlo your.host.name.here
    250-STARTTLS
    Then issue starttls and wait for the server's confirmation:
    starttls
    220 2.0.0 Ready to start TLS
    Once again, it's time to use openssl for further testing, detailed info here http://qmail.jms1.net/test-auth.shtml
    CERTIFICATES
    You also need to be aware that iOS is somewhat particular when it comes to certificates. First of all, you have to make sure to set the following extensions on your root certificate (probably in the [ v3_ca ] section in your /etc/ssl/openssl.cnf, depending on your openssl setup), especially the 'critical' keyword:
    basicConstraints = critical,CA:true
    keyUsage = critical, cRLSign, keyCertSign
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer:always
    And then on the certificate you sign for your mail server, set the following, probably in the [ usr_cert ] section of /etc/ssl/openssl.cnf:
    basicConstraints=CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid,issuer
    subjectAltName = DNS:your.domain.name.here
    issuerAltName=issuer:copy
    Please note, the above are results of extensive google-ing and trial and error, so maybe you can omit some of the stuff above and it still works. When it started working for me, I stopped experimenting because figuring this all out already took way too much time. The iPhone is horribly undocumented when it comes to details of its peculiar behaviors. If you experiment more and have more accurate information, please feel free to post here as a reply to this message.
    You have to import your root certificate into your iPhone embedded in a profile via the iPhone Configuration Utility (free, but only available in Windows or a Mac; details here: http://nat.guyton.net/2012/01/20/adding-trusted-root-certificate-authorities-to-ios-ipad-iphone/ ), after having first added it to Windows' certificate store as a trusted root certificate. This way the Utility will sign your certificate for the phone and it becomes usable; if you just add it from the phone it will be there but won't be used. Using a profile has the added benefit of being able to configure mail settings in it too, and that saves a lot of time when you have to install, remove, reconfigure, install again, etc. a million times until it works.
    Another undocumented constraint is that the key size is limited to a max of 4096. You can actually install a root certificate with a larger key, the iPhone Configuration Utility will do that for you without a word. The only suspicious thing is that on the confirmation screen shown on your iPhone when you install the profile you don't get the text "Root Certificate/ Installing the certificate will add it to the list of trusted certificates on your iPhone" in addition to your own custom prompt set up in the iPhone Configuration Utility. The missing additional text is your sign of trouble! - but how would you know that before you saw it working once? In any case, if you force the big key certificate on the device, then when you open the Mail App, it opens up and then crashes immediately. Again, without a word. Supposedly Apple implemented this limit on the request of the US Government, read more here if you're interested: http://blogs.microsoft.co.il/blogs/kamtec1/archive/2012/10/13/limitation-of-apple-devices-iphone-ipad-etc-on-rsa-key-size-bit.aspx .
    IN CLOSING...
    With all this, you can read and send email from your iPhone.
    Don't forget to set all your other clients (Thunderbird, Claws, etc.) to also use STARTTLS instead of SSL, otherwise they won't be able to connect after the changes above.
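
The pre-TLS checks this answer performs by hand with telnet (STARTTLS and LOGINDISABLED in the IMAP greeting, STARTTLS and no AUTH line in the EHLO reply) can be scripted over captured responses. This is an added example, not part of the original post; the function names and the sample transcripts are constructed for illustration.

```python
"""Audit what an IMAP or SMTP server advertises before TLS is negotiated."""
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def imap_capabilities(lines):
    """Collect capability tokens from a greeting or '* CAPABILITY' reply."""
    caps = set()
    for line in lines:
        line = line.strip()
        m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line)
             or re.match(r"\* CAPABILITY (.*)", line))
        if m:
            caps.update(tok.upper() for tok in m.group(1).split())
    return caps


def audit_imap_pre_tls(lines):
    """Return findings for an unencrypted IMAP greeting; [] means it passes."""
    caps = imap_capabilities(lines)
    if not caps:
        return ["no CAPABILITY data seen"]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGINDISABLED missing")
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
    for mech in sorted(mechs & PLAINTEXT_MECHS):
        findings.append(f"AUTH={mech} offered before TLS")
    return findings


def smtp_extensions(lines):
    """Map EHLO keywords to their parameters from '250-KEY params' lines."""
    ext = {}
    for line in lines:
        m = re.match(r"250[- ](\S+)(.*)", line.strip())
        if not m:
            continue
        key, rest = m.group(1).upper(), m.group(2).strip()
        if key.startswith("AUTH="):       # legacy 'AUTH=PLAIN LOGIN' form
            key, rest = "AUTH", (key[5:] + " " + rest).strip()
        ext[key] = rest
    return ext


def audit_smtp_pre_tls(lines):
    """Return findings for an unencrypted EHLO reply; [] means it passes."""
    ext = smtp_extensions(lines)
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered")
    if "AUTH" in ext:
        findings.append(f"AUTH offered before TLS: {ext['AUTH']}")
    return findings


# Constructed transcripts: one matching the hardened setup, one weak.
IMAP_HARDENED = ["* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                 "ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready."]
IMAP_WEAK = ["* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
             "ID ENABLE IDLE AUTH=PLAIN] Dovecot ready."]
SMTP_HARDENED = ["250-mail.example.test", "250-PIPELINING",
                 "250-STARTTLS", "250 8BITMIME"]
SMTP_WEAK = ["250-mail.example.test", "250-STARTTLS",
             "250-AUTH PLAIN LOGIN", "250 8BITMIME"]

if __name__ == "__main__":
    for name, result in [("imap hardened", audit_imap_pre_tls(IMAP_HARDENED)),
                         ("imap weak", audit_imap_pre_tls(IMAP_WEAK)),
                         ("smtp hardened", audit_smtp_pre_tls(SMTP_HARDENED)),
                         ("smtp weak", audit_smtp_pre_tls(SMTP_WEAK))]:
        print(name, "->", result or "ok")
```

Feed it the lines captured from a remote machine, since the post notes that localhost connections are treated as secure and would hide a plaintext-auth problem.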

  • RDS 2012 External access for Session Hosts over different port to default 443

    Hello there
    I am having problems solving this problem as you may see on other posts, so I am going to try again.
    I have two Server 2012 machines for RDS. Server 1 with all roles (Gateway, Broker, Session host etc.) and a second machine, Server 2, as a session host only. I am running RDWeb Apps, with CA certificate installed and everything works fine internally.
    Due to limitations on the router I had to change the default SSL port on the gateway (Server 1) to 4043. I have this and 3391 for UDP open to Server 1 from the router.
    Working externally, I can login to the RDS site and open apps from Server 1, but when I try to open an app installed on Server 2, I get a certificate error. The error is:
    "Your computer can't connect to the remote computer because the Remote Desktop Gateway server address and the certificate subject name do not match. Contact your network administrator for assistance".
    The certificate address the error points to is an SBS 2011 cert for RWW and email. Experimenting, if I use 443 on the Server 1 gateway instead of 4043 and change the router accordingly, it then works. I can open apps from both session hosts externally. But not if it is set to 4043.
    For the record Server 2 session host also gives this error:
    Event ID: 1280 Warning Microsoft Windows TerminalServcies-session broker client 
    Remote Desktop Services failed to join the Connection Broker on server sever-vm1.local.
    Error: Current async message was dropped by async dispatcher, because there is a new message which will override the current one.
    Because everything works fine using default 443, I figure this is a communication or firewall issue between the gateway and the session host on Server 2.  
    Can anyone help here? 
    Many Thanks 
    MIS5000

    Hi,
    Thanks for your comment.
    Have you checked the connection on your second server?
    Can you ping Server 2 from Server 1?
    From event ID 1280 it seems there is some network connectivity to the RDCB server. Also please "Add the RD Session Host server to the Session Broker Computers group" & the RDWeb server's computer account needs to be a member of the local TS Web Access Computers group on your RDSH server. You can get the detailed information from this article.
    In addition, do you have a certificate purchased and installed from a trusted root authority? There are some requirements for using a certificate in an RDS environment; please consider the following points.
    1. The certificate is installed into computer’s “Personal” certificate store. 
    2. The certificate has a corresponding private key. 
    3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
    You can get more details regarding certificate here.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • FTP/File Sender Adapter over SSL - 500 Illegal PORT command.

    Hello Experts!
    I'm trying to configure FTP Sender Adapter over SSL. This is the configuration I'm using:
    Server: server01
    Port: 21
    Data Connection: Active
    Timeout: 100
    Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
    Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
    I have imported ftp server certificate into TrustedCAs key store. When the sender adapter tries to connect it receives the error 500 Illegal PORT command when getting files list.
    This is an excerpt of the logs of connection steps:
    #Plain##ftp server returns reply '220 Restricted Access. All Actions are monitored.'#
    #Plain##Detected 'AUTH TLS' command: Preparing TLS/SSL connection upgrade#
    #Plain##'AUTH TLS' successful: Upgrading control channel to TLS/SSL#
    #Plain##ftp server returns reply '234 Proceed with negotiation.'#
    #Plain##ftp server returns reply '331 Please specify the password.'#
    #Plain##ftp server returns reply '230 Login successful.'#
    #Plain##ftp server returns reply '200 PBSZ set to 0.'#
    #Plain##ftp server returns reply '200 PROT now Private.'#
    #Plain##ftp server returns reply '215 UNIX Type: L8'#
    #Plain##ftp server returns reply '200 Switching to ASCII mode.'#
    #Plain##ftp server returns reply '250 Directory successfully changed.'#
    #Plain##ftp server returns reply '500 Illegal PORT command.'#
    Does anybody know how to solve it?
    Thank you in advance!
    Roger Allué i Vall

    Ok! This is the maximum i could obtain:
    Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "220 Restricted Access. All Actions are monitored."
    Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "AUTH TLS"
    Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "234 Proceed with negotiation."
    Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "USER iubsint"
    Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP response: Client "10.58.42.108", "331 Please specify the password."
    Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP command: Client "10.58.42.108", "PASS <password>"
    Fri Dec 11 15:28:12 2009 [pid 15205] [iubsint] OK LOGIN: Client "10.58.42.108"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "230 Login successful."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PBSZ 0"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PBSZ set to 0."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PROT P"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PROT now Private."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "SYST"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "215 UNIX Type: L8"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "TYPE I"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 Switching to Binary mode."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "CWD /interfaces"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "250 Directory successfully changed."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "500 Illegal PORT command."
    I think we found the problem though. FTP Administrator says this is wrong:
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
    it should be
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,42,108,159,112"
    Something is making SAP PI to take a wrong ip address (This server has two).
    I'll let you know if we solve it!!
    Thank you!!!
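
The mismatch the FTP administrator spotted, a PORT argument naming a different address than the one the control connection came from, can be found mechanically in a server log of this format. This is an added example, not code from the thread; the first two sample lines are taken from the log above and the rest are constructed.

```python
"""Flag FTP PORT commands whose address differs from the control peer."""
import ipaddress
import re

# Matches the "FTP command" lines of the server log quoted in the thread.
PORT_RE = re.compile(
    r'FTP command: Client "(?P<client>[^"]+)", "PORT (?P<arg>[^"]*)"')


def parse_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, tcp_port)."""
    parts = arg.split(",")
    if len(parts) != 6 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    nums = [int(p) for p in parts]
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def control_address(text):
    """Parse the logged client address, unwrapping IPv4-mapped IPv6."""
    addr = ipaddress.ip_address(text)
    return getattr(addr, "ipv4_mapped", None) or addr


def find_port_mismatches(log_lines):
    """Return (line_no, control_ip, requested_ip, port) for suspect lines.

    requested_ip and port are None when the PORT argument is malformed.
    """
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = PORT_RE.search(line)
        if not m:
            continue
        try:
            control = control_address(m["client"])
        except ValueError:
            continue                      # client logged as a hostname
        try:
            requested, port = parse_port_arg(m["arg"])
        except ValueError:
            hits.append((line_no, str(control), None, None))
            continue
        if requested != control:
            hits.append((line_no, str(control), str(requested), port))
    return hits


SAMPLE_LOG = [
    'Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: '
    'Client "10.58.42.108", "CWD /interfaces"',
    'Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: '
    'Client "10.58.42.108", "PORT 10,58,45,108,159,112"',
    # constructed: IPv4-mapped client whose PORT address matches
    'Fri Dec 11 15:30:02 2009 [pid 15300] [demo] FTP command: '
    'Client "::ffff:192.0.2.10", "PORT 192,0,2,10,195,80"',
    # constructed: truncated PORT argument
    'Fri Dec 11 15:31:40 2009 [pid 15301] [demo] FTP command: '
    'Client "192.0.2.10", "PORT 192,0,2,10,195"',
]

if __name__ == "__main__":
    for hit in find_port_mismatches(SAMPLE_LOG):
        print(hit)
```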

  • Non SSL website on port 443

    Hi, I have a non-SSL website running on port 443. When I access this website using Chrome or IE it works just fine, but Firefox can't seem to accept what I have done. All browsers on the same machine and using the same web proxy.
    I access the website as http://xyz:443.
    Just a bit of background info as to why I need this. Where I work I can only access ports 443 and 80 via the web proxy. I have two distinct websites running on a couple of devices at home behind a very config-wise limited router which has ports 80 and 443 redirected to these hosts. There is no way for me to setup two port forward rules on port 80 to two different devices. I cannot setup SSL on either of the websites.
    Regardless of options that could exist to overcome my particular issue, I would like to check if you guys know how to make Firefox work with a website running on port 443 whilst not having a certificate assigned to it.
    Firefox 32.0.3
    Error message:
    The connection was reset
    The connection to the server was reset while the page was loading.
    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

    What type of ssl are you running? [https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/]
    You can somehow remove the Strict-Transport-Security header or if there is a feature that forced encryption but by default https uses 443 for encryption. I do not know if this is possible.

  • Kernel SSL (KSSL) Proxy isn't listening on port 443

    Hello
    I'm having some trouble with Solaris 10 KSSL. The SMF says it's configured and online but netstat shows nothing listening on 443. The configuration I'm using is below so you can try it if you like.
    Thanks for any insight.
    J
    --- config commands start here ---
    - Generate certificate and key (In this case self-signed for testing)
    /usr/sfw/bin/openssl req -x509 -nodes -days 365 -subj "/C=NZ/ST=Canterbury/L=MtHutt/CN=`hostname`" -newkey rsa:1024 -keyout /var/tmp/mykey.pem -out /var/tmp/mycert.pem
    - Configure KSSL Proxy instance
    echo "password" > /var/tmp/kssl.pass
    cat /var/tmp/mycert.pem /var/tmp/mykey.pem > /var/tmp/mystuff.pem
    rm /var/tmp/mykey.pem /var/tmp/mycert.pem
    (NOTE: The following command must be run from Global Zone.)
    ksslcfg create -f pem -i /var/tmp/mystuff.pem -p /var/tmp/kssl.pass -x 8080 443
    - Configure web server
    (This example uses the Solaris supplied Apache in /usr/apache2)
    hostname=`hostname`
    ipaddr=`grep $hostname /etc/hosts | awk '{ print $1 }'`
    cat /etc/apache2/httpd.conf-example | sed "s/^Listen 80/Listen $ipaddr:8080/" > /etc/apache2/httpd.conf
    svcadm enable apache2
    Edited by: ajcook on 9/01/2009 00:25

    The answer, as it often is, was user error. I had neglected to restart the Apache server to listen on the KSSL proxy port (port 8080 in the example given).
    Mildly interesting exercise because it means that the KSSL doesn't start listening on its SSL port until it verifies that the proxy port is available.
    As soon as Apache was restarted, KSSL burst into life, ie.
    /usr/sfw/bin/openssl s_client -connect localhost:443
    CONNECTED(00000004)

  • SSL on port 443

    BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
    advised to change to port 444 because it conflicts with Apache on the
    server. Do my users need to type :444 when they authenticate or is this
    change will be transparent to them? Also, one of our NetAdmins indicates
    we are not running Apache...
    Please provide me with more info. on this issue.
    Thank you in advance for your help

    Is wrote:
    > BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
    > advised to change to port 444 because it conflicts with Apache on the
    > server. Do my users need to type :444 when they authenticate or is this
    > change will be transparent to them?
    I assume you're referring to proxy authentication, where the user enters
    credentials in the browser to gain access to the proxy. In this case the
    BM server automatically redirects users to the port 444 URL... they
    don't type it in. Thus, the port the proxy listens on for SSL
    *authentication* requests doesn't matter much, as long as it doesn't
    conflict with other services running on the server.
    Jim
    Support Sysop

  • Stratus tunneling over ports 443 and/or 80

    Would it be possible to have Stratus listen on ports 443 and
    80; and would Flash Player 10 indeed fall back to those ports, as
    with FMS?
    I am dealing with a customer who has difficulty opening 1935
    due to corporate policies.
    I have no information about port 10000+. Hopefully they pose
    no problem.
    Kind Regards,
    Frans

    The older RTMP operates over TCP port 1935 and falls back to
    tunneling over 443 and/or 80.
    The newer RTMFP uses UDP and requires the ability to make
    outbound connections to 1935 and also higher port numbers in order
    to establish a server connection.
    Running over port 443 and 80 UDP wouldn't help, the firewall
    is likely configured to open up TCP 443 (HTTPS) and TCP 80 (HTTP)
    while still blocking UDP.
    If your application needs to work in the presence of
    UDP-blocking firewalls (and note that we do several things to get
    through them, if they do allow internally-initiated UDP sessions),
    you'll need to code your own fallback to a TCP protocol like RTMP
    or HTTP.

  • WebServices over SSL - 403 Forbidden error

    Hello all,
    I am able to successfully communicate with a SSL enabled .NET webservice using apache-axis in my java code. however, when i
    try the same with weblogic based libs [%bea_home%\server\lib\webserviceclient+ssl.jar] - assume the other jars are ok, i get
    the following exception stack trace:
    Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@55a338
    Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@fdb00d
    Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@131303f
    Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@6b9c84
    Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@e1eea8
    Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@131303f
    Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@18f51f
    Connecting to:www.abc.com port:443
    socket:Socket[addr=www.abc.com/12.345.67.89,port=443,localport=4802]com.certicom.tls.interfaceimpl.TLSConnectionImpl@e35bb7
    Warning: cert chain incomplete
    Warning: cert chain untrusted
    Warning: subject (www.abc.com, OU=Terms of use at www.verisign.com/rpa (c)00, OU=ABC 1, O=ABC inc, L=abc, ST=abc, C=abc) does
    not match server name (null)
    <Jul 27, 2004 10:52:49 AM GMT+05:30> <Info> <WebService> <BEA-220025> <Handler weblogic.webservice.core.handler.ClientHandler
    threw an exception from its handleResponse method. The exception was:
    javax.xml.rpc.JAXRPCException: weblogic.webservice.util.AccessException: The server at
    https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a 403 error code (Forbidden). Please ensure that your URL is
    correct and that the correct protocol is in use..>
    A RemoteException has been thrown
    java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: The server at
    https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a 403 error code (Forbidden). Please ensure that your URL is
    correct and that the correct protocol is in use.
    Detail:
    <detail>
    <bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">
    </bea_fault:stacktrace>weblogic.webservice.util.AccessException: The server at
    https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a 403 error code (Forbidden). Please ensure that your URL is
    correct and that the correct protocol is in use.
         at weblogic.webservice.binding.soap.HttpClientBinding.handleErrorResponse(HttpClientBinding.java:371)
         at weblogic.webservice.binding.soap.HttpClientBinding.receive(HttpClientBinding.java:233)
         at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientHandler.java:63)
         at weblogic.webservice.core.HandlerChainImpl.handleResponse(HandlerChainImpl.java:230)
         at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:229)
         at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:444)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:430)
         at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:270)
         at com.webservice.abc.client.proxy.ABCWebserviceSoap_Stub.getABC(ABCWebserviceSoap_Stub.java:113)
         at com.webservice.abc.client.ABC_WS_Client.main(ABC_WS_Client.java:158)
    </detail>; nested exception is:
         javax.xml.rpc.soap.SOAPFaultException: The server at https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a
    403 error code (Forbidden). Please ensure that your URL is correct and that the correct protocol is in use.
         at com.webservice.abc.client.proxy.ABCWebserviceSoap_Stub.getABC(ABCWebserviceSoap_Stub.java:118)
         at com.webservice.abc.client.ABC_WS_Client.main(ABC_WS_Client.java:158)
    Caused by: javax.xml.rpc.soap.SOAPFaultException: The server at https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a
    403 error code (Forbidden). Please ensure that your URL is correct and that the correct protocol is in use.
         at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:285)
         at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:444)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:430)END
         at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:270)
         at com.webservice.abc.client.proxy.ABCWebserviceSoap_Stub.getABC(ABCWebserviceSoap_Stub.java:113)
         ... 1 more

    Hi All,
    I am new to webservice programming. I am trying to consume a webservice over HTTPS. I am using WebLogic 8.1 SP2. I am getting an HTTP 403 Forbidden error. From the log it seems that the SSL handshake is completing.
    Algorithm: [MD2withRSA]
    Signature:
    ]>
    <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
    <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <Trust status (0): NONE>
    <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
    <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 134>
    <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC offset = 0 length = 1>
    <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <write HANDSHAKE offset = 0 length = 16>
    <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <isMuxerActivated: false>
    <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 readRecord()>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 SSL3/TLS MAC>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 received CHANGE_CIPHER_SPEC>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <isMuxerActivated: false>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 readRecord()>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 SSL3/TLS MAC>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 received HANDSHAKE>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <write APPLICATION_DATA offset = 0 length = 304>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <write APPLICATION_DATA offset = 0 length = 558>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 read( offset: 0 length: 2048 )>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <isMuxerActivated: false>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 readRecord()>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 SSL3/TLS MAC>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 received APPLICATION_DATA>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 APPDATA databufferLen 0>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 APPDATA contentLength 1907>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 read databufferLen 1907>
    <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 read A returns 1907>
    javax.xml.soap.SOAPException: Failed to send message: weblogic.webservice.util.AccessException: The server at https://www.3pv.net/3PVWebServices/3PVWebServices.asmx?wsdl returned a 403 error code (Forbidden). Please ensure that your URL is correct and that the correct protocol is in use.
    at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:61)
    at com.ceon.pencor.threepv.ThreePVUtils.sendOrderRequest(ThreePVUtils.java:350)
    at com.ceon.pencor.threepv.ThreePVAdapterImpl.sendThreePVRequest(ThreePVAdapterImpl.java:119)
    at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl.sendThreePVRequest(ThreePVAdapterImpl_ydsnbq_EOImpl.java:46)
    at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
    at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:108)
    at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:353)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
    at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
    Caused by: weblogic.webservice.util.AccessException: The server at https://www.3pv.net/3PVWebServices/3PVWebServices.asmx?wsdl returned a 403 error code (Forbidden). Please ensure that your URL is correct and that the correct protocol is in use.
    at weblogic.webservice.binding.http11.Http11ClientBinding.handleErrorResponse(Http11ClientBinding.java:136)
    at weblogic.webservice.binding.http11.Http11ClientBinding.receive(Http11ClientBinding.java:220)
    at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:57)
    ... 13 more
    ERROR : Exception is occurred during connecting url:https://www.3pv.net/3PVWebServices/3PVWebServices.asmx?wsdl
    Please help...
    Cordially
    Sandip

  • MapViewer over SSL

    Hello!
    Is it possible to use MapViewer over SSL? If so, how to handle it?
    Thanks!

    So, I have resolved my problem!
    MapViewer really can render images via SSL.
    My infrastructure:
    1. Database server with Weblogic and MapViewer installed.
    2. Web server with Apache software.
    3. Users can access only the web server, and only on port 443 (HTTPS protocol).
    4. All scripts on the web server use the JavaScript API (oraclemaps.js).
    And solution is:
    1. Change "save_images_at" tag in mapViewerConfig.xml file to the following
    <save_images_at file_prefix="omsmap"
    url="https://WEBSERVER/mapviewer/images"
    path="../../images"
    life="0"
    recycle_interval="480"
    />
    2. Be sure to include mod_proxy, mod_proxy_connect and mod_proxy_http libraries in httpd.conf on the web server.
    3. Add following proxy settings to the httpd.conf file
    <IFModule mod_proxy.c>
    ProxyRequests On
    ProxyVia On
    <Proxy >
    Order deny,allow
    Allow from all
    </Proxy>
    SSLProxyEngine On
    ProxyPass /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
    ProxyPassReverse /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
    </IFModule>
    4. Be sure your scripts use the new (proxied) MapViewer URL, e.g.
    mapview = new MVMapView ( document.getElementById ( "map" ), 'https://WEBSERVER/mapviewer');
    As a result, all map rendering requests sent by users to the web server are proxied by Apache to the MapViewer server.
    P. S. "mapviewer" folder on the web server does not even exist!
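
    A reverse proxy built with `ProxyPass` does not need `ProxyRequests On`. That directive enables forward proxying, and combined with a proxy section that allows everyone it leaves the web server usable as an open proxy. The following is an added example, not part of the original post: a small audit that flags that combination in httpd.conf text. The function name and both sample configurations are constructed (the weak one is modelled on the post and uses `<Proxy *>`), and the access-rule check is a heuristic rather than a full Apache parser.

```python
import re

# <Proxy ...> section opener, with or without a target; not <ProxyMatch ...>.
PROXY_OPEN_RE = re.compile(r'^<proxy(?:\s+"?([^">]*?)"?)?\s*>$', re.IGNORECASE)


def audit_proxy_config(conf_text):
    """Flag forward proxying that is open to every client."""
    forward_on = False
    open_to_all = False
    reverse_maps = []
    section = None                    # target of the open <Proxy> block, if any
    grants_all = restricted = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        key = words[0].lower()
        opened = PROXY_OPEN_RE.match(line)
        if opened:
            section = (opened.group(1) or "").strip()
            grants_all = restricted = False
        elif key == "</proxy>":
            # An empty or "*" target covers every proxied URL.
            if section in ("", "*") and grants_all and not restricted:
                open_to_all = True
            section = None
        elif key == "proxyrequests" and len(words) > 1:
            forward_on = words[1].lower() == "on"
        elif key == "proxypass" and len(words) >= 3:
            reverse_maps.append((words[1], words[2]))
        elif section is not None:
            rule = [w.lower() for w in words[:3]]
            if rule in (["allow", "from", "all"], ["require", "all", "granted"]):
                grants_all = True
            elif key in ("deny", "require"):
                restricted = True
    return {"forward_proxy": forward_on, "open_to_all": open_to_all,
            "reverse_maps": reverse_maps,
            "open_forward_proxy": forward_on and open_to_all}


# Constructed sample modelled on the configuration in the post.
WEAK_CONF = """
<IfModule mod_proxy.c>
ProxyRequests On
ProxyVia On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyPass /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
ProxyPassReverse /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
</IfModule>
"""

# Constructed sample: the same reverse-proxy mapping with forward proxying off.
HARDENED_CONF = """
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyVia On
SSLProxyEngine On
ProxyPass /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
ProxyPassReverse /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
</IfModule>
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_proxy_config(conf))
```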
