Sievefilter over SSL (port 443)
Does anybody know how i can get sievefilter to work if i use SSL? I have installed the sievefilter function and it works fine over http but the server will not display the sievefilters when i'm using https. Why?
Sieve filters settings work through iDA, not webmail. You have to turn ssl on for that web server, too.
Similar Messages
-
Error with default SSL port (443) on Solaris
Hi all
I would like to config default SSL port 443 on Solaris but I found this error. What is the problem?
I use WebLogic 8.1 sp3
SSL port : 443
Unable to create a server socket on Channel Default for port: 443. java.net.BindException: Permission denied Perhaps another process is using port 443
I dont sure about permission. How can I do?Oh I can use root start weblogic and I can use 443 port, but when I use other users. I can't use 443 port
-
Custom sig: Non-SSL over SSL port
I am trying to build a custom signature for detecting non-SSL traffic on a specific SSL port (let's say tcp/443). This has to do with CONNECT tunnels through an HTTP proxy. Conceptually, it's not a complicated idea. Whether or not it can technically be done effectively with the Cisco IPS I don't know.
It seems that very early in every SSL connection, there is an SSL "client hello" message(SYN,SYN/ACK,ACK,CLIENT HELLO). There are two relevant record formats, SSLv2 and SSLv2/TLS. I would like to create a signature that fires when it DOES NOT see the client hello message very early in a given TCP session. I would want the signature to only need to check the very first n packets of any given TCP session (n = max size of connection establishment + max size of client hello packet). Has anyone created such a beast or willing to help? Here are a couple packets.
SSLv3 Client Hello
0000 00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 ..^..g.....]..E.
0010 00 8e 33 b8 40 00 3e 06 94 16 ce c3 c3 6c 40 22 ..3.@.>......l@"
0020 a2 49 58 27 01 bb b7 42 c6 92 fd 36 a3 d1 50 18 .IX'...B...6..P.
0030 44 70 08 e2 00 00 16 03 00 00 61 01 00 00 5d 03 Dp........a...].
0040 00 44 5f 9a 77 69 49 5a 85 52 a0 96 38 b3 b4 15 .D_.wiIZ.R..8...
0050 8f db f2 0f c9 0e ea 10 f5 69 39 8c 58 87 e5 33 .........i9.X..3
0060 70 20 ba 06 1e 3f d4 4e 3c d0 de a8 ea 4e a3 7f p ...?.N<....N..
0070 0f 07 fd 5f 88 07 17 ef 50 ce 6b cf 10 e3 84 99 ..._....P.k.....
0080 04 a2 00 16 00 04 00 05 00 0a 00 09 00 64 00 62 .............d.b
0090 00 03 00 06 00 13 00 12 00 63 01 00 .........c..
TLSv1 Client Hello
0000 00 0f 20 6c 99 8b 00 a0 8e 82 c4 c1 08 00 45 00 .. l..........E.
0010 00 96 a2 89 40 00 7f 06 32 b3 ce c3 c2 29 ce c3 [email protected]....)..
0020 c6 74 0d 13 01 bb 38 17 d5 89 98 0f fc 73 50 18 .t....8......sP.
0030 44 70 6c 75 00 00 16 03 01 00 69 01 00 00 65 03 Dplu......i...e.
0040 01 44 5f 9a 84 8a 94 ab f3 78 e7 b1 c9 ca 04 34 .D_......x.....4
0050 3b 95 1b 86 51 05 5f ac 9d a0 b0 69 fe 0c 27 e5 ;...Q._....i..'.
0060 9c 20 78 08 00 00 ce c3 c2 29 58 58 58 58 58 58 . x......)XXXXXX
0070 58 58 58 58 58 58 58 58 58 58 48 9a 5f 44 8c 4b XXXXXXXXXXH._D.K
0080 05 00 00 1e 00 04 00 05 00 2f 00 33 00 32 00 0a ........./.3.2..
0090 00 16 00 13 00 09 00 15 00 12 00 03 00 08 00 14 ................
00a0 00 11 01 00 ....
SSLv2 Client Hello
0000 00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 ..^..g.....]..E.
0010 00 82 fb a7 40 00 3e 06 cf 32 ce c3 c3 6c 9f 35 ....@.>..2...l.5
0020 40 36 58 6d 01 bb b7 78 06 1b cd e2 e2 3d 80 18 @6Xm...x.....=..
0030 44 70 47 6b 00 00 01 01 08 0a 31 fd f9 51 00 00 DpGk......1..Q..
0040 00 00 80 4c 01 03 00 00 33 00 00 00 10 00 00 04 ...L....3.......
0050 00 00 05 00 00 0a 01 00 80 07 00 c0 03 00 80 00 ................
0060 00 09 06 00 40 00 00 64 00 00 62 00 00 03 00 00 [email protected].....
0070 06 02 00 80 04 00 80 00 00 13 00 00 12 00 00 63 ...............c
0080 7b af 57 75 f8 a9 72 54 23 29 32 50 bf ef 1e a9 {.Wu..rT#)2P....Hi mhellman:
I can see 3 difficulties with this kind of sign.
1) To determine the order of the packets.
2) To determine that happen at the very begining of the conection
3) fire when the traffic doesn't match with the signature.
The difficulty number 3, I think, is imposible to resolve because the sensor can compare the trafic with a well defined pattern and fire when it match, but not when it doen't.
The difficult number 2
You need a kind of state signature because this can be classified like a machine state (first three way handshake, then hello packet) but I can't see fields in the state engine that help in this case.
The difficult number 1 could be resolved by a Meta signature.
You will need to create an a custom atomic signature for the syn packet, another for the syn ack, another to ack, and the last one for hellow packet.
Then create a meta signature and add the fourth atomic singatures whith a strict order.
but guess what...
Meta signature doesn't permit custom signatures.
I think this kind of signature is imposible to write.
But I'd try.
Regards
Alberto Giorgi from spain. -
How do i temporarily disable TLS/SSL port 443 going to server on CSS
We are having issues with truncating packets that go through the CSS
I did a capture after the CSS and there is truncation............however i cant read it before the since everything is encrypted.
They hit vip address 172.20.120.16. on the CSS and get redirected to 2 servers depening on what the url says
They server team would like to turn it off just to test..i tried removing
"add service ARR-public-ssl" from the contetn below and we lost http and https to the server
so in essence i want to try and turn the 443 connection to a port 80---than it goes to port 7777 backend to 172.20.212.6
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
ssl-server 40
ssl-server 40 rsacert byetest
ssl-server 40 vip address 172.20.120.16
ssl-server 40 cipher rsa-with-rc4-128-sha 172.20.120.17 80
ssl-server 40 cipher rsa-with-rc4-128-md5 172.20.120.17 80
ssl-server 40 urlrewrite 1 *
ssl-server 40 cipher rsa-with-3des-ede-cbc-sha 172.20.120.17 80
ssl-server 40 rsakey byekey
backend-server 50
backend-server 50 type initiation
backend-server 50 server-ip 69.xxx.xxx.xxx
backend-server 50 ip address 69.xxx.181.xxx
backend-server 50 rsacert byetest
backend-server 50 rsakey byekey
active
!************************** SERVICE **************************
service TIE-SSLINIT
protocol tcp
ip address 69.xxx.xxx.xxx
keepalive type tcp
keepalive port 443
slot 2
type ssl-init
add ssl-proxy-list HR-SSL
active
owner PublicBYE
content BYE-WEB-ARRR
vip address 172.20.120.17
protocol tcp
port 80
url "/arr*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BY-WEB-TIX
protocol tcp
port 80
url "/tix*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web2
vip address 172.20.120.17
active
content BYE-WEB-TIX-CLEARTEXT
add service TIX-SSLINIT
vip address 172.20.120.19
protocol tcp
port 80
active
content BYE-WEB-Nav
vip address 172.20.120.17
protocol tcp
port 80
url "/na*"
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
service BYE-ds-web1-ssl
ip address 172.20.212.5
port 443
keepalive type ssl
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYEos-web2-ssl
ip address 172.20.212.6
port 443
keepalive type ssl
activeCSS11506# sh ver
Version: sg0810205 (08.10.2.05)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.10.2.05
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
Secure Management
Yeah..if done a packet trace before it hits the CSS and after......the only issue is that everything is engrypted before it hits the LB so i cant really read anythign....i did a pacet trace after the LB and on the Server itself its seems we get this
I thought i saw some bug info from cisco but i cant tell if its related
CSCsx05640—When you configure the CSS for a Layer 5 (L5) content rule and it receives an HTTP method POST with the HTTP header in one packet that is quickly followed by many packets of POST data or payload, it could fail to deliver all the data to the back-end server. The CSS Flow Manager (FM) application could incorrectly handle the POST and the data packet as a spanned content request and could cause the data to be mishandled. Workaround: Use less than 1-Gb connections in the network; a 100-Mb link does not exhibit this issue.
As you can see after the content-length..........nothing comes across........sometimes addtional stuff will come in ...but usually nothing
Is there a bug related to this on the CSS?
POST /TIXX/DocumentRepository_Service HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="urn:ihe:iti:2007:ProvideAndRegisterDocumentSet-b"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: www.xxxxxxxxxxxx.net
Content-Length: 9044 -
NRM over SSL (port 8009) doesn't respond
Netware 6 Sp5 box + post patches. This is an old box that I'm trying to migrate over to a VM by enabling iscsi and setting that up. I've done this with 6.5x without issue. Anyway, NRM will respond and function over http on port 8008 without issue. however, if i click the 'iSCSI Services" link at the bottom.. it throws an Unauthorized Access Denied error. After doing some digging online, someone said to try logging into NRM via SSL (port 8009) and it worked for him. Well, I'm unable to do that. When I try to access NRM over https/8009 the browser just spins and spins. I checked TCPCON and it appears that its listening on port 8009.. I telnet'd to port 8009 and it doesnt deny me.. but nothing comes up. I've done PKIDiags, httpstk /reset and re-loaded with /ssl /keyfile:"SSL CertificateIP" with no change. No errors with certificates that I can find
Kind of out of ideas. Any out there still familiar with this? :)Originally Posted by AndersG
Try unload httpstk, then load it
http://www.novell.com/rms
Have done that at least 100 times :) with /reset , etc. actually just figured out it works with Firefox, but not ie or chrome -
OIM 9102 , AD Password Sync 91x, JBoss 423GA - issue over SSL port.
Followed the steps describe in "Deploying the connector"
http://download.oracle.com/docs/cd/E11223_01/doc.910/e11218/install_config.htm#insertedID0
section
Pre-Installation both SSL n non-SSL works for SPML verification.
For JBoss Application Server:
http://IP ADDRESS:8080/spmlws/services/HttpSoap11
https://IP ADDRESS:8443/spmlws/services/HttpSoap11
Post Installation - configured SSL.
On AD machine logs following error message is displayed:
MAX_RETRY LIMIT count is not updated: OIM is down
Following meta-link ID 1073889.1
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=1073889.1
explains to verify 'oimhost and oimport' - oimhost is machine ip address ( AD machine is able to ping OIM machine through ip address and machine name )
oimport is 8443
Any suggestion.
Or anyone previously successfully deployed password sync over SSL for OIM 9102 and AD Password sync 91x,
as i found a similar thread in OTN forum where user had issues over SSL.Did anyone resolve this issue? I have the same running SSL Password Sync on OAS 10.1.3.4 and OIM 9.1.0.2 BP09a with AD 2003.
Debug [7/8/2010 6:35:45 AM] oimport is
Debug [7/8/2010 6:35:45 AM] 4443
Debug [7/8/2010 6:35:45 AM]
Debug [7/8/2010 6:35:45 AM] oimsslclient is
Debug [7/8/2010 6:35:45 AM] nw-dc-01.nwocaland.nwoca.org
Debug [7/8/2010 6:35:45 AM]
Debug [7/8/2010 6:35:45 AM] oimuserattr is
Debug [7/8/2010 6:35:45 AM] USR_UDF_SAM_ACCTNAME
Debug [7/8/2010 6:35:45 AM]
Debug [7/8/2010 6:35:45 AM] oimusessl is
Debug [7/8/2010 6:35:45 AM] Y
Debug [7/8/2010 6:35:45 AM]
Debug [7/8/2010 6:35:45 AM] oimappservertype is
Debug [7/8/2010 6:35:45 AM] 2
Debug [7/8/2010 6:35:45 AM]
Debug [7/8/2010 6:35:45 AM] End of sgsloidi::getConfigParamters
Debug [7/8/2010 6:35:45 AM] Inside sgsloidi::setParameters
Debug [7/8/2010 6:35:45 AM] The SOAP start element is
Debug [7/8/2010 6:35:45 AM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
Debug [7/8/2010 6:35:45 AM] The SOAP end element is
Debug [7/8/2010 6:35:45 AM] </SPMLv2Document>
Debug [7/8/2010 6:35:45 AM] The path is
Debug [7/8/2010 6:35:45 AM] /spmlws/HttpSoap11
Debug [7/8/2010 6:35:45 AM] End of sgsloidi::setParameters -
How to set up iPhone 5 iOS 6 email with IMAP over SSL on a custom port?
Basically I have the same problem as this guy 5 years ago but the thread contained no useful answer. Maybe there are people out there who became smarter in the meantime? Please help me out how to get my iPhone read emails via IMAP over SSL on a custom port to the corporate server. The issue is that the iPhone only seems to work if you use the standard 993 port for IMAPS, not with a custom port as we have. I've installed the corporate root certificate in a profile, and it shows up as trusted and verified in the phone, so that should not be the issue. The mail app in the iPhone tries to connect, I can verify that from the server, but then does nothing, doesn't try to authenticate, doesn't log out, nothing is going on, and then drops the connection after 60 seconds. Repeats this every 5 minutes (as set to fetch e-mail every 5 minutes.)
Original thread 5 years ago: https://discussions.apple.com/message/8104869#8104869Solved it by some (a lot) of fiddling.
Turns out it's not a bug in the iPhone, it's a feature.
Here's how to make it work.
DOVECOT
If the IMAPS port is anything other than 933 (the traditional IMAPS port) the iPhone's Mail App takes the "Use SSL" setting on the IMAP server as 'TLS', meaning it starts the communication in plain text and then issues (tries to issue) the STARTTLS command to switch the connection to encrypted. If, however, Dovecot is set up to start right away in encrypted mode, the two cannot talk to each other. For whatever reason neither the server nor the client realizes the connection is broken and only a timeout ends their misery.
More explanation about SSL/TLS in the Dovecot wiki: http://wiki2.dovecot.org/SSL
So to make this work, you have to set Dovecot the following way. (Fyi, I run Dovecot 2.0.19, versions 1.* have a somewhat different config parameters list.)
1. In the /etc/dovecot/conf.d/10-master.conf file make sure you specify the inet_listener imap and disable (set its port to 0) for imaps like this:
service imap-login {
inet_listener imap {
port = --your port # here--
inet_listener imaps {
port = 0
ssl = yes
This of course enables unencrypted imap for all hackers of the universe so you quickly need to also do the things below.
2. In the /etc/dovecot/conf.d/10-ssl.conf file, make sure you set (uncomment) the following:
ssl = required
This sets Dovecot to only serve content to the client after a STARTTLS command was issued and the connection is already encrypted.
3. In /etc/dovecot/conf.d/10-auth.conf set
disable_plaintext_auth = yes
This prevents plain text password authentication before encryption (TLS) is turned on. If you have also set ssl=required as per step 2, that will prevent all other kinds of authentications too on an unencrypted connection.
When debugging this, please note that if you connect from localhost (the same machine the server runs on) disable_plaintext_auth=yes has no effect, as localhost is considered secure. You have to connect from a remote machine to make sure plain text authentication is disabled.
Don't forget service dovecot restart.
To test if your setup works as it's supposed to, issue the following (green) from a remote machine (not localhost) (I'm using Ubuntu, but telnet and openssl is available for almost all platforms) and make sure Dovecot responds with something like below (purple):
telnet your.host.name.here yourimapsportnumber
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
Most importantly, make sure you see 'STARTTLS' and 'LOGINDISABLED'. Then issue STARTTLS and hopefully you see something like this:
a STARTTLS
a OK Begin TLS negotiation now.
(The 'a' in front of STARTTLS is not a typo, a prefix is required by the IMAP server in front of all commands.)
Close the telnet (with 'a logout' or Ctrl+C) and you can use openssl to further investigate as you would otherwise; at the end of a lot of output including the certificate chain you should see a line similar to the one below:
openssl s_client -starttls imap -connect your.domain.name.here:yourimapsportnumber
. OK Pre-login capabilities listed, post-login capabilities have more.
You can then use the capability command to look for what authentication methods are available, if you see AUTH=PLAIN, you can then issue a login command (it's already under an encrypted connection), and if it's successful ("a OK Logged in"), then most likely your iPhone will be able to connect to Dovecot as well.
a capability
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
a login username password
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
a OK Logged in
POSTFIX
Likewise, you have to set Postfix to wait for STARTTLS before encrypting the communication.
1. You have to delete the setting smtpd_tls_wrappermode=yes from /etc/postfix/master.cf and/or /etc/postfix/main.cf, if it was enabled. This will mean Outlook won't be able to connect any more because it requires a TSL connection without issuing STARTTLS as per Postfix documentation (haven't tested.) In my case we don't use Outlook so I didn't care. Outlook + iPhone + custom SMTPS port are simply not possible together at the same time as far as I understand. Pick one to sacrifice.
2. Require encrypted (TLS) mode for any data transfer in /etc/postfix/main.cf:
smtpd_tls_security_level = encrypt
3. Authentication should only happen while already in encrypted (TLS) mode, so set in /etc/postfix/main.cf:
smtpd_tls_auth_only = yes
Don't forget postfix reload.
To test if this works, issue the following telnet and wait for the server's greeting:
telnet your.host.name.here yoursmtpsportnumber
220 your.host.name ESMTP Postfix (Ubuntu)
Then type in the EHLO and make sure the list of options contains STARTTLS and does not include an AUTH line (that would mean unencrypted authentication is available):
ehlo your.host.name.here
250-STARTTLS
Then issue starttls and wait for the server's confirmation:
starttls
220 2.0.0 Ready to start TLS
Once again, it's time to use openssl for further testing, detailed info here http://qmail.jms1.net/test-auth.shtml
CERTIFICATES
You also need to be aware that iOS is somewhat particular when it comes to certificates. First of all, you have to make sure to set the following extensions on your root certificate (probably in the [ v3_ca ] section in your /etc/ssl/openssl.cnf, depending on your openssl setup), especially the 'critical' keyword:
basicConstraints = critical,CA:true
keyUsage = critical, cRLSign, keyCertSign
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
And then on the certificate you sign for your mail server, set the following, probably in the [ usr_cert ] section of /etc/ssl/openssl.cnf:
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
subjectAltName = DNS:your.domain.name.here
issuerAltName=issuer:copy
Please note, the above are results of extensive google-ing and trial and error, so maybe you can omit some of the stuff above and it still works. When it started working for me, I stopped experimenting because figuring this all out already took way too much time. The iPhone is horribly undocumented when it comes to details of its peculiar behaviors. If you experiment more and have more accurate information, please feel free to post here as a reply to this message.
You have to import your root certificate into your iPhone embedded in a profile via the iPhone Configuration Utility (free, but only available in Windows or a Mac; details here: http://nat.guyton.net/2012/01/20/adding-trusted-root-certificate-authorities-to- ios-ipad-iphone/ ), after having first added it to Windows' certificate store as a trusted root certificate. This way the Utility will sign your certificate for the phone and it becomes usable; if you just add it from the phone it will be there but won't be used. Using a profile has the added benefit of being able to configure mail settings in it too, and that saves a lot of time when you have to install, remove, reconfigure, install again, etc. a million times until it works.
Another undocumented constraint is that the key size is limited to a max of 4096. You can actually install a root certificate with a larger key, the iPhone Configuration Utility will do that for you without a word. The only suspicious thing is that on the confirmation screen shown on your iPhone when you install the profile you don't get the text "Root Certificate/ Installing the certificate will add it to the list of trusted certificates on your iPhone" in addition to your own custom prompt set up in the iPhone Configuration Utility. The missing additional text is your sign of trouble! - but how would know that before you saw it working once? In any case, if you force the big key certificate on the device, then when you open the Mail App, it opens up and then crashes immediately. Again, without a word. Supposedly Apple implemented this limit on the request of the US Government, read more here if you're interested: http://blogs.microsoft.co.il/blogs/kamtec1/archive/2012/10/13/limitation-of-appl e-devices-iphone-ipad-etc-on-rsa-key-size-bit.aspx .
IN CLOSING...
With all this, you can read and send email from your iPhone.
Don't forget to set all your other clients (Thunderbird, Claws, etc.) to also use STARTTLS instead of SSL, otherwise they won't be able to connect after the changes above. -
RDS 2012 External access for Session Hosts over different port to default 443
Hello there
I am having problems solving this problem as you may see on other posts, so I am going to try again.
I have two Server 2012 machines for RDS. Server 1 one with all roles (Gateway, Broker, Session host etc.) and second machine, Server 2 as a session host only. I am running RDWeb Apps, with CA certificate installed and
everything works fine internally.
Due to limitations on the router I had to change the default SSL port on the gateway (Server 1) to 4043. I have this and 3391 for UDP open to Server 1 from the router.
Working externally, I can login to the RDS site and open apps form Server 1, but when I try to open an app installed on Server 2, I get a certificate error. The error is:
“Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address
and the certificate subject name do not match. Contact your network administrator for assistance".
The certificate address the error points to is referring to is an SBS 2011 cert for RWW and email. Experimenting, if I use 443 on the Server 1
gateway instead of 4043 and change the router accordingly, it then works. I can open apps form both session hosts externally . But not if is set to 4043.
For the record Server 2 session host also gives this error:
Event ID: 1280 Warning Microsoft Windows TerminalServcies-session broker client
Remote Desktop Services failed to join the Connection Broker on server sever-vm1.local.
Error: Current async message was dropped by async dispatcher, because there is a new message which will override the current one.
Because everything works fine using default 443, I figure this is a communication or firewall issue between the gateway and the session host on Server 2.
Can anyone help here?
Many Thanks
MIS5000Hi,
Thanks for your comment.
Have you check the connection on your second server?
Can you ping the server 2 from server 1?
As from the event ID 1280 it seems there is some network connectivity to RDCB server. Also please “Add the RD Session Host server to the Session Broker Computers group” & RDWeb server's computer account needs to be a member of the local TS Web Access Computers
group on your RDSH server. You can get the detailed information from this article.
In addition, do you have certificate purchased and install from trusted root authority. There is some requirement to use certificate for RDS environment, please consider following points.
1. The certificate is installed into computer’s “Personal” certificate store.
2. The certificate has a corresponding private key.
3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well.
You can get more details regarding certificatehere.
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
FTP/File Sender Adapter over SSL - 500 Illegal PORT command.
Hello Experts!
I'm trying to configure FTP Sender Adapter over SSL. This is the configuration I'm using:
Server: server01
Port: 21
Data Connection: Active
Timeout: 100
Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
I have imported ftp server certificate into TrustedCAs key store. When the sender adapter tries to connect it receives the error 500 Illegal PORT command when getting files list.
This is an excerpt of the logs of connection steps:
#Plain##ftp server returns reply '220 Restricted Access. All Actions are monitored.'#
#Plain##Detected 'AUTH TLS' command: Preparing TLS/SSL connection upgrade#
#Plain##'AUTH TLS' successful: Upgrading control channel to TLS/SSL#
#Plain##ftp server returns reply '234 Proceed with negotiation.'#
#Plain##ftp server returns reply '331 Please specify the password.'#
#Plain##ftp server returns reply '230 Login successful.'#
#Plain##ftp server returns reply '200 PBSZ set to 0.'#
#Plain##ftp server returns reply '200 PROT now Private.'#
#Plain##ftp server returns reply '215 UNIX Type: L8'#
#Plain##ftp server returns reply '200 Switching to ASCII mode.'#
#Plain##ftp server returns reply '250 Directory successfully changed.'#
#Plain##ftp server returns reply '500 Illegal PORT command.'#
Does anybody know how to solve it?
Thank you in advance!
Roger Allué i VallOk! This is the maximum i could obtain:
Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "220 Restricted Access. All Actions are monitored."
Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "AUTH TLS"
Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "234 Proceed with negotiation."
Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "USER iubsint"
Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP response: Client "10.58.42.108", "331 Please specify the password."
Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP command: Client "10.58.42.108", "PASS <password>"
Fri Dec 11 15:28:12 2009 [pid 15205] [iubsint] OK LOGIN: Client "10.58.42.108"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "230 Login successful."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PBSZ 0"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PBSZ set to 0."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PROT P"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PROT now Private."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "SYST"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "215 UNIX Type: L8"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "TYPE I"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 Switching to Binary mode."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "CWD /interfaces"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "250 Directory successfully changed."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "500 Illegal PORT command."
I think we found the problem though. FTP Administrator says this is wrong:
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
it should be
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,42,108,159,112"
Something is making SAP PI to take a wrong ip address (This server has two).
I'll let you know if we solve it!!
Thank you!!! -
Hi, I have a non-SSL website running on port 443. When I access this website using Chrome or IE it works just fine, but Firefox can't seem to accept what I have done. All browsers on the same machine and using the same web proxy.
I access the website as http://xyz:443.
Just a bit of background info as to why I need this. Where I work I can only access ports 443 and 80 via the web proxy. I have two distinct websites running on a couple of devices at home behind a very config-wise limited router which has ports 80 and 443 redirected to these hosts. There is no way for me to setup two port forward rules on port 80 to two different devices. I cannot setup SSL on either of the websites.
Regardless of options that could exist to overcome my particular issue, I would like to check if you guys know how to make Firefox work with a website running on port 443 whilst not having a certificate assigned to it.
Firefox 32.0.3
Error message:
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.What type of ssl are you running? [https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/]
You can somehow remove the Strict-Transport-Security header or if there is a feature that forced encryption but by default https uses 443 for encryption. I do not know if this is possible. -
Kernel SSL (KSSL) Proxy isn't listening on port 443
Hello
I'm having some trouble with Solaris 10 KSSL. The SMF says it's configured and online but netstat shows nothing listening on 443. The configuration I'm using is below so you can try it if you like.
Thanks for any insight.
J
--- config commands start here ---
- Generate certificate and key (In this case self-signed for testing)
/usr/sfw/bin/openssl req -x509 -nodes -days 365 -subj "/C=NZ/ST=Canterbury/L=MtHutt/CN=`hostname`" -newkey rsa:1024 -keyout /var/tmp/mykey.pem -out /var/tmp/mycert.pem
- Configure KSSL Proxy instance
echo "password" > /var/tmp/kssl.pass
cat /var/tmp/mycert.pem /var/tmp/mykey.pem > /var/tmp/mystuff.pem
rm /var/tmp/mykey.pem /var/tmp/mycert.pem
(NOTE: The following command must be run from Global Zone.)
ksslcfg create -f pem -i /var/tmp/mystuff.pem -p /var/tmp/kssl.pass -x 8080 443
- Configure web server
(This example uses the Solaris supplied Apache in /usr/apache2)
hostname=`hostname`
ipaddr=`grep $hostname /etc/hosts | awk '{ print $1 }'`
cat /etc/apache2/httpd.conf-example | sed "s/^Listen 80/Listen $ipaddr:8080/" > /etc/apache2/httpd.conf
svcadm enable apache2
Edited by: ajcook on 9/01/2009 00:25The answer, as it often is, was user error. I had neglected to restart the Apache server to listen on the KSSL proxy port (port 8080 in the example given).
Mildly interesting exercise because it means that the KSSL doesn't start listening on it's SSL port until it verifies that the proxy port is available.
As soon as Apache was restarted, KSSL burst into life, ie.
/usr/sfw/bin/openssl s_client -connect localhost:443
CONNECTED(00000004) -
BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
advised to change to port 444 because it conflicts with Apache on the
server. Do my users need to type :444 when they authenticate or is this
change will be transparent to them? Also, one of our NetAdmins indicates
we are not running Apache...
Please provide me with more info. on this issue.
Thank you in advance for your helpIs wrote:
> BM 3.8 sp5, Open Enterprise 6.5 SP6 - SSL - listening port 443 - Craig
> advised to change to port 444 because it conflicts with Apache on the
> server. Do my users need to type :444 when they authenticate or is this
> change will be transparent to them?
I assume you're referring to proxy authentication, where the user enters
credentials in the browser to gain access to the proxy. In this case the
BM server automatically redirects users to the port 444 URL... they
don't type it in. Thus, the port the proxy listens on for SSL
*authentication* requests doesn't matter much, as long as it doesn't
conflict with other services running on the server.
Jim
Support Sysop -
Stratus tunneling over ports 443 and/or 80
Would it be possible to have Stratus listen on ports 443 and
80; and would Flash Player 10 indeed fall back to those ports, as
with FMS?
I am dealing with a customer who has difficulty opening 1935
due to corporate policies.
I have no information about port 10000+. Hopefully they pose
no problem.
Kind Regards,
FransThe older RTMP operates over TCP port 1935 and falls back to
tunneling over 443 and/or 80.
The newer RTMFP uses UDP and requires the ability to make
outbound connections to 1935 and also higher port numbers in order
to establish a server connection.
Running over port 443 and 80 UDP wouldn't help, the firewall
is likely configured to open up TCP 443 (HTTPS) and TCP 80 (HTTP)
while still blocking UDP.
If your application needs to work in the presence of
UDP-blocking firewalls (and note that we do several things to get
through them, if they do allow internally-initiated UDP sessions),
you'll need to code your own fallback to a TCP protocol like RTMP
or HTTP. -
WebServices over SSL - 403 Forbidden error
Hello all,
I am able to successfully communicate with a SSL enabled .NET webservice using apache-axis in my java code. however, when i
try the same with weblogic based libs [%bea_home%\server\lib\webserviceclient+ssl.jar] - assume the other jars are ok, i get
the following exception stack trace:
Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@55a338
Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@fdb00d
Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@131303f
Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@6b9c84
Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@e1eea8
Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@131303f
Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@18f51f
Connecting to:www.abc.com port:443
socket:Socket[addr=www.abc.com/12.345.67.89,port=443,localport=4802]com.certicom.tls.interfaceimpl.TLSConnectionImpl@e35bb7
Warning: cert chain incomplete
Warning: cert chain untrusted
Warning: subject (www.abc.com, OU=Terms of use at www.verisign.com/rpa (c)00, OU=ABC 1, O=ABC inc, L=abc, ST=abc, C=abc) does
not match server name (null)
<Jul 27, 2004 10:52:49 AM GMT+05:30> <Info> <WebService> <BEA-220025> <Handler weblogic.webservice.core.handler.ClientHandler
threw an exception from its handleResponse method. The exception was:
javax.xml.rpc.JAXRPCException: weblogic.webservice.util.AccessException: The server at
https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a 403 error code (Forbidden). Please ensure that your URL is
correct and that the correct protocol is in use..>
A RemoteException has been thrown
java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: The server at
https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a 403 error code (Forbidden). Please ensure that your URL is
correct and that the correct protocol is in use.
Detail:
<detail>
<bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">
</bea_fault:stacktrace>weblogic.webservice.util.AccessException: The server at
https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a 403 error code (Forbidden). Please ensure that your URL is
correct and that the correct protocol is in use.
at weblogic.webservice.binding.soap.HttpClientBinding.handleErrorResponse(HttpClientBinding.java:371)
at weblogic.webservice.binding.soap.HttpClientBinding.receive(HttpClientBinding.java:233)
at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientHandler.java:63)
at weblogic.webservice.core.HandlerChainImpl.handleResponse(HandlerChainImpl.java:230)
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:229)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:444)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:430)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:270)
at com.webservice.abc.client.proxy.ABCWebserviceSoap_Stub.getABC(ABCWebserviceSoap_Stub.java:113)
at com.webservice.abc.client.ABC_WS_Client.main(ABC_WS_Client.java:158)
</detail>; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: The server at https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a
403 error code (Forbidden). Please ensure that your URL is correct and that the correct protocol is in use.
at com.webservice.abc.client.proxy.ABCWebserviceSoap_Stub.getABC(ABCWebserviceSoap_Stub.java:118)
at com.webservice.abc.client.ABC_WS_Client.main(ABC_WS_Client.java:158)
Caused by: javax.xml.rpc.soap.SOAPFaultException: The server at https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a
403 error code (Forbidden). Please ensure that your URL is correct and that the correct protocol is in use.
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:285)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:444)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:430)END
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:270)
at com.webservice.abc.client.proxy.ABCWebserviceSoap_Stub.getABC(ABCWebserviceSoap_Stub.java:113)
... 1 moreHi All,
I am new to webservice programming. I am trying to consume webservice over https. I am using weblogic 8.1 sp2. I am getting http 403 forbidden error. from the log it seems that ssl handshaking is completing.
Algorithm: [MD2withRSA]
Signature:
0000: BB 4C 12 2B CF 2C 26 00 4F 14 13 DD A6 FB FC 0A .L.+.,&.O.......
0010: 11 84 8C F3 28 1C 67 92 2F 7C B6 C5 FA DF F0 E8 ....(.g./.......
0020: 95 BC 1D 8F 6C 2C A8 51 CC 73 D8 A4 C0 53 F0 4E ....l,.Q.s...S.N
0030: D6 26 C0 76 01 57 81 92 5E 21 F1 D1 B1 FF E7 D0 .&.v.W..^!......
0040: 21 58 CD 69 17 E3 44 1C 9C 19 44 39 89 5C DC 9C !X.i..D...D9.\..
0050: 00 0F 56 8D 02 99 ED A2 90 45 4C E4 BB 10 A4 3D ..V......EL....=
0060: F0 32 03 0E F1 CE F8 E8 C9 51 8C E6 62 9F E6 9F .2.......Q..b...
0070: C0 7D B7 72 9C C9 36 3A 6B 9F 4E A8 FF 64 0D 64 ...r..6:k.N..d.d
]>
<Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <SSLTrustValidator r
eturns: 0>
<Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <Trust status (0): N
ONE>
<Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: S
erverHelloDone>
<Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <write HANDSHAKE off
set = 0 length = 134>
<Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <write CHANGE_CIPHER
_SPEC offset = 0 length = 1>
<Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <write HANDSHAKE off
set = 0 length = 16>
<Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
ed: false>
<Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <isMuxerActivated: f
alse>
<Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
ed: false>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 readRecord(
)>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 SSL3/TLS MA
C>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 received CH
ANGE_CIPHER_SPEC>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
ed: false>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <isMuxerActivated: f
alse>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
ed: false>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 readRecord(
)>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 SSL3/TLS MA
C>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 received HA
NDSHAKE>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: F
inished>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <write APPLICATION_D
ATA offset = 0 length = 304>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <write APPLICATION_D
ATA offset = 0 length = 558>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 read( offse
t: 0 length: 2048 )>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
ed: false>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <isMuxerActivated: f
alse>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
ed: false>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 readRecord(
)>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 SSL3/TLS MA
C>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 received AP
PLICATION_DATA>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 APPDATA dat
abufferLen 0>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 APPDATA con
tentLength 1907>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 read databu
fferLen 1907>
<Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 read A retu
rns 1907>
javax.xml.soap.SOAPException: Failed to send message: weblogic.webservice.util.A
ccessException: The server at https://www.3pv.net/3PVWebServices/3PVWebServices.
asmx?wsdl returned a 403 error code (Forbidden). Please ensure that your URL is
correct and that the correct protocol is in use.
at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionI
mpl.java:61)
at com.ceon.pencor.threepv.ThreePVUtils.sendOrderRequest(ThreePVUtils.ja
va:350)
at com.ceon.pencor.threepv.ThreePVAdapterImpl.sendThreePVRequest(ThreePV
AdapterImpl.java:119)
at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl.sendThreePVR
equest(ThreePVAdapterImpl_ydsnbq_EOImpl.java:46)
at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl_WLSkel.invok
e(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:108)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:353)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
144)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:415)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
Caused by: weblogic.webservice.util.AccessException: The server at https://www.3
pv.net/3PVWebServices/3PVWebServices.asmx?wsdl returned a 403 error code (Forbid
den). Please ensure that your URL is correct and that the correct protocol is i
n use.
at weblogic.webservice.binding.http11.Http11ClientBinding.handleErrorRes
ponse(Http11ClientBinding.java:136)
at weblogic.webservice.binding.http11.Http11ClientBinding.receive(Http11
ClientBinding.java:220)
at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionI
mpl.java:57)
... 13 more
javax.xml.soap.SOAPException: Failed to send message: weblogic.webservice.util.A
ccessException: The server at https://www.3pv.net/3PVWebServices/3PVWebServices.
asmx?wsdl returned a 403 error code (Forbidden). Please ensure that your URL is
correct and that the correct protocol is in use.
at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionI
mpl.java:61)
at com.ceon.pencor.threepv.ThreePVUtils.sendOrderRequest(ThreePVUtils.ja
va:350)
at com.ceon.pencor.threepv.ThreePVAdapterImpl.sendThreePVRequest(ThreePV
AdapterImpl.java:119)
at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl.sendThreePVR
equest(ThreePVAdapterImpl_ydsnbq_EOImpl.java:46)
at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl_WLSkel.invok
e(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:108)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:353)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
144)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:415)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
Caused by: weblogic.webservice.util.AccessException: The server at https://www.3
pv.net/3PVWebServices/3PVWebServices.asmx?wsdl returned a 403 error code (Forbid
den). Please ensure that your URL is correct and that the correct protocol is i
n use.
at weblogic.webservice.binding.http11.Http11ClientBinding.handleErrorRes
ponse(Http11ClientBinding.java:136)
at weblogic.webservice.binding.http11.Http11ClientBinding.receive(Http11
ClientBinding.java:220)
at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionI
mpl.java:57)
... 13 more
ERROR : Exception is occurred during connecting url:https://www.3pv.net/3PVWebS
ervices/3PVWebServices.asmx?wsdl
Please help...
Cordially
Sandip -
Hello!
Is it possible to use MapViewer over SSL? If so, how to handle it?
Thanks!So, I have resolved my problem!
MapViewer really can render images via SSL.
My infrastructure:
1. Database server with Weblogic and MapViewer installed.
2. Web server with Apache software.
3. Users can access only to the web server and only using port 443 (HTTPS protocol).
4. All scripts on web server uses JavaScript API (oraclemaps.js).
And solution is:
1. Change "save_images_at" tag in mapViewerConfig.xml file to the following
*<save_images_at file_prefix="omsmap"*
url="https://WEBSERVER/mapviewer/images"
path="../../images"
life="0"
recycle_interval="480"
*/>*
2. Be sure to include mod_proxy, mod_proxy_connect and mod_proxy_http libraries in httpd.conf on the web server.
3. Add following proxy settings to the httpd.conf file
*<IFModule mod_proxy.c>*
ProxyRequests On
ProxyVia On
*<Proxy >*
Order deny,allow
Allow from all
*</Proxy>*
SSLProxyEngine On
ProxyPass /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
ProxyPassReverse /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
*</IFModule>*
4. Be sure your scripts uses new (proxied) MapViewer URL, e.g.
mapview = new MVMapView ( document.getElementById ( "map" ), 'https://WEBSERVER/mapviewer');
As a result all maps rendering requests sending by users to the web server are proxied by Apache to the MapViewer server.
P. S. "mapviewer" folder on the web server does not even exist!
Maybe you are looking for
-
How to get the BPEL WSDL url?
i'm trying to generate a Stub/Skeleton with JDev to invoke a BPEL Proccess from a Java client and i don´t know which is the BPEL Process WSDL Thanks Germán
-
How can I remove apps from iPhone.
I downloaded free apps, but I want to remove them now.
-
Smart form attachment in User decision step
Hi, i have a requirement to display Smart form in user decision step along with Approce and reject buttons. Please guide how to attach a smart form in workflow. Thanks. Edited by: Sanjay_lnt on Jul 10, 2010 8:13 PM
-
Installing Oracle 9iDS on Solaris 8 with Oracle 9i DB already running
Current setup is some what like this. We have SunV440 Server and have Oracle 9i Database running on it. To install 9i DB we have created a user Oracle on OS Solaris8. Now we would like to install Oracle 9iDS (Developer Suite) and configure its Separa
-
Problem with adding new contacts to CRM from Outlook
Hello, we are trying to import contact data into CRM 2013 using the Outlook client. A lot of these contacts are coming through in forwarded emails and the client is not picking up the contact data correctly. For example, when we click the 'track' but