SJWS 7 and SquirrelMail using SSL

Hello All!
My situation is this:
I have deployed the SquirrelMail web-based email client. I have configured it as a virtual server within SJWS 7. I have configured its port to use 443. Once I get the login screen (using https://mydomain.com), I enter my credentials. It then sits and waits for quite some time. After a few minutes it errors out with a Method Not Allowed error and gives me the URL as http://mydomain.com/src/webmail.php instead of https://mydomain.com/src/webmail.php.
Any ideas on why it's trying to pass http instead of https? Yes, if I were to change the http to https, I can access and fully use the web client. Any help is appreciated.
N

I have certificates installed on my virtual server. I've posted my server.xml file. I'm starting to believe that it is a SquirrelMail issue with how it's handling redirects after authentication. I would like to verify that my SJWS setup is correct.
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2006 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
-->
<server>
<cluster>
<local-host>mtvmsol02</local-host>
<instance>
<host>mtvmsol02</host>
</instance>
</cluster>
<log>
<log-file>../logs/errors</log-file>
<log-level>info</log-level>
</log>
<temp-path>/tmp/https-mtvmsol02-5351d5c9</temp-path>
<user>webservd</user>
<jvm>
<java-home>/opt/webserver7/jdk</java-home>
<server-class-path>/opt/webserver7/lib/webserv-rt.jar:/opt/webserver7/lib/pwc.jar:/opt/webserver7/lib/ant.jar:${java.home}/lib/tools.jar:/opt/webserver7/lib/ktsearch.jar:/opt/webserver7/lib/webserv-jstl.jar:/opt/webserver7/lib/jsf-impl.jar:/opt/webserver7/lib/jsf-api.jar:/opt/webserver7/lib/webserv-jwsdp.jar:/opt/webserver7/lib/container-auth.jar:/opt/webserver7/lib/mail.jar:/opt/webserver7/lib/activation.jar</server-class-path>
<debug>false</debug>
<debug-jvm-options>-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7896</debug-jvm-options>
<jvm-options>-Djava.security.auth.login.config=login.conf</jvm-options>
<jvm-options>-Xms128m -Xmx256m</jvm-options>
</jvm>
<default-auth-db-name>keyfile</default-auth-db-name>
<auth-db>
<name>keyfile</name>
<url>file</url>
<property>
<name>syntax</name>
<value>keyfile</value>
</property>
<property>
<name>keyfile</name>
<value>keyfile</value>
</property>
</auth-db>
<acl-file>default.acl</acl-file>
<mime-file>mime.types</mime-file>
<access-log>
<file>../logs/access</file>
</access-log>
<http-listener>
<name>ssl</name>
<port>443</port>
<server-name>mtvmsol02</server-name>
<default-virtual-server-name>mymail</default-virtual-server-name>
<ssl>
<server-cert-nickname>cert-mymail</server-cert-nickname>
<ssl2-ciphers/>
<ssl3-tls-ciphers/>
</ssl>
</http-listener>
<http-listener>
<name>standard</name>
<port>80</port>
<server-name>mtvmsol02</server-name>
<default-virtual-server-name>mydomain.com</default-virtual-server-name>
</http-listener>
<http-listener>
<name>ssl2</name>
<port>444</port>
<server-name>mtvmsol02</server-name>
<default-virtual-server-name>crm</default-virtual-server-name>
<ssl>
<server-cert-nickname>cert-cats</server-cert-nickname>
</ssl>
</http-listener>
<http-listener>
<name>ssl3</name>
<port>445</port>
<server-name>mtvmsol02</server-name>
<default-virtual-server-name>cats</default-virtual-server-name>
<ssl>
<server-cert-nickname>cert-mtvmsol02</server-cert-nickname>
<ssl2-ciphers/>
<ssl3-tls-ciphers/>
</ssl>
</http-listener>
<virtual-server>
<name>crm</name>
<http-listener-name>ssl3</http-listener-name>
<host>mtvmsol02</host>
<object-file>crm-obj.conf</object-file>
<document-root>/opt/webdocs/crm</document-root>
</virtual-server>
<virtual-server>
<name>mydomain.com</name>
<http-listener-name>standard</http-listener-name>
<host>mtvmsol02</host>
<object-file><mydomain>.com-obj.conf</object-file>
<document-root>/opt/webdocs/mydomain.com</document-root>
</virtual-server>
<virtual-server>
<name>reception</name>
<http-listener-name>ssl</http-listener-name>
<host>mtvmsol02</host>
<document-root>/opt/webdocs</document-root>
</virtual-server>
<virtual-server>
<name>cats</name>
<http-listener-name>ssl2</http-listener-name>
<object-file>cats-obj.conf</object-file>
<document-root>/opt/webdocs/cats</document-root>
</virtual-server>
<virtual-server>
<name>mymail</name>
<http-listener-name>ssl</http-listener-name>
<host>mtvmsol02</host>
<object-file>mymail-obj.conf</object-file>
<document-root>/opt/webdocs/mymail</document-root>
<log-file>../logs/mymail-log</log-file>
</virtual-server>
</server>
Edited by: actwon on Aug 21, 2009 9:55 AM
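
A check for the symptom described in the post above, as an added example that is not part of the original thread: it walks a recorded redirect chain and flags any hop where a request made over https is answered with a Location that resolves to http, and lists cookies set on that hop without the Secure attribute, since those would travel in cleartext on the next request. The response heads are constructed sample data; the host and the webmail.php path follow the post, while the other paths and the cookie names are assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data (not captured from the poster's server): each entry
# is (request URL, raw response head). Host and webmail.php path follow the
# post; the other paths and the cookie names are assumptions.
SAMPLE_CHAIN = [
    ("https://mydomain.com/src/login.php",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
    ("https://mydomain.com/src/redirect.php",
     "HTTP/1.1 302 Moved Temporarily\r\n"
     "location: http://mydomain.com/src/webmail.php\r\n"
     "Set-Cookie: SQMSESSID=constructed; path=/\r\n"
     "Set-Cookie: key=constructed; path=/; Secure\r\n\r\n"),
    ("https://mydomain.com/src/signout.php",
     "HTTP/1.1 302 Moved Temporarily\r\n"
     "Location: login.php\r\n\r\n"),
]

REDIRECT_CODES = (301, 302, 303, 307, 308)


def parse_head(raw):
    """Split a raw response head into (status code, [(name, value), ...])."""
    lines = raw.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def insecure_cookies(headers):
    """Names of cookies in Set-Cookie headers that lack the Secure attribute."""
    names = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            names.append(parts[0].split("=", 1)[0])
    return names


def find_downgrades(chain):
    """Return one finding per https request redirected to an http URL."""
    findings = []
    for url, raw in chain:
        status, headers = parse_head(raw)
        if urlsplit(url).scheme != "https" or status not in REDIRECT_CODES:
            continue
        location = next((v for n, v in headers if n == "location"), None)
        if location is None:
            continue
        # urljoin resolves relative and scheme-relative Location values the
        # way a browser does, so "login.php" stays on https.
        target = urljoin(url, location)
        if urlsplit(target).scheme == "http":
            findings.append({
                "from": url,
                "to": target,
                "same_host": urlsplit(target).hostname == urlsplit(url).hostname,
                # Only cookies set on this hop are checked here.
                "cookies_without_secure": insecure_cookies(headers),
            })
    return findings


if __name__ == "__main__":
    for f in find_downgrades(SAMPLE_CHAIN):
        print(f"{f['from']} -> {f['to']} "
              f"(cookies sent in cleartext: {f['cookies_without_secure']})")
```
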

Similar Messages

  • Webcal and webmail where Calendar and Mail use SSL but Web does not

    I have Lion Server 10.7.3 up and running. I have the same SSL cert in use for calendar, address book, and email, but not for web service. Calendar is running great via iCal.app and on iOS.
    1.  Trying to access the webcal at http://myserver.com/webcal returns a page saying "Calendar service is turned off. You can turn it on by using the Server app on the server." Accessing webcal via https://myserver.com/webcal fails when it redirects for authentication - the resulting page, gives me an apache 404 error that /auth could not be found - the url it is trying to reach is: https://myserver.com/auth?redirect=https://myserver.com/webcal/
    There is a bit of a hack for this that I have discovered - I change the url to eliminate the https on the url, but leave it on the redirect:
    http://myserver.com/auth?redirect=https://myserver.com/webcal/
    I can then authenticate and get into the calendar and it works as expected from there.
    2. Trying to access webmail via https://myserver/webmail fails with a page saying "Mail is turned off..." But it all works fine using the non-ssl connection.
    If I turn off all certs, then it works fine. If I turn on all certs, it works fine. But turning on SSL for my website is not an option - it's a blog that does not need the extra overhead (and my certs are self-signed, making them look nefarious to most web browsers). 
    So, I am looking for suggestions on how to obtain access to webcal where the calendar server (and address book server) are using an ssl certificate but the web service is not.
    Does anyone have suggestions on how to make this work appropriately, where the webcal and webmail are served on SSL protected connections and the Web Service uses an unencrypted, non-SSL connection?

    bump.
    Anyone? It seems this question has been asked a couple of different times and in a couple of different ways (including here: https://discussions.apple.com/message/16100639#16100639).
    Thanks for your help!

  • HT201320 When i try to set up my mail account and get to save/verifying - I get a notice saying Cannot Connect Using SSl-

    When I try to set up my mail acct. and get to save/verifying - I get a notice saying Cannot connect to SSL.

    What mail provider is it?
    Have you Googled for: setup XXX email on iPhone
    where xxx is the provider
    You can try going to Mail>the accounts>Advanced and turn Use SSL on or off, the opposite of what it is now.

  • When I try to set up my Optimum account email I get a message saying Cannot Connect Using SSL.

    When I try to set up my Optimum email account I get an error message saying Cannot Connect Using SSL. 

    What mail provider is it?
    Have you Googled for: setup XXX email on iPhone
    where xxx is the provider
    You can try going to Mail>the accounts>Advanced and turn Use SSL on or off, the opposite of what it is now.

  • Configuring SquirrelMail to use SSL with SMTP

    I ran the conf.pl script to have SquirrelMail access my IMAP server via SSL, and everything works.
    I then tried to use SSL with SMTP as well but when I used SquirrelMail to send mail, I got an error saying "Can't open SMTP stream". What is the correct setting to tell conf.pl to use?
    I had secure SMTP enabled and chose CRAM-MD5 for the authentication method.
    I actually have my web server and smtp server on the same machine, so this is more of a hypothetical question. In the end I turned off secure SMTP and set authentication back to none.
    Ben

    I don't have access to logs right now, but to answer your other question, SSL works fine when sending from Mail.
    But with Mail, I supply the username and password; which user does SquirrelMail use to send?

  • Squirrelmail: Unknown username or password incorrect, using SSL

    I'm trying to use SSL for email on Mac OSX Server. It works fine from clients using Mozilla Thunderbird but Squirrelmail won't connect. Using the webmail interface I get "Unknown username or password incorrect" every time I try to login.
    I went through the squirrelmail conf.pl script and made sure it had cyrix and that the authentication method matches the one checked in Server Admin. The configtest.php returns info followed by this error:
    ERROR: You need the openssl PHP extension to use SMTP/IMAP TLS!
    The thing is I've tried this without SSL and still get the "Unknown username" error. In other words, I'm willing to go without SSL IMAP if it will just get this to work but it seems likely there is some other problem than the missing PHP library.
    On php.net it has the following:
    To use PHP's OpenSSL support you must also compile PHP --with-openssl[=DIR].
    I would rather not diverge from Apple's standard config but why isn't SSL for IMAP assumed in the php config that ships on Mac OSX Server? What is the best way to enable the openssl module of php without breaking anything else? Anyway, where are the php files on Mac OSX server?
    Mac mini; iMac G5; PowerMac G3 B&W, Rev1, 400Mhz   Mac OS X (10.4.3)  

    It's just not supported and not needed.
    The traffic is local, never hits a network so no need to encrypt the traffic.
    I would recommend that you have the IMAP SSL option in ServerAdmin set to "Use" not "Require" so that it allows both port 143 and 993.
    Have your imap clients connect to port 993 (ssl). Also have this port open through the firewall if needed.
    Your Squirrelmail web site should be set to use HTTPS so its authentication (actually all content) is encrypted over the public internet.
    SquirrelMail config can be configured for regular imap on port 143. And block this port at the firewall.
    With this setup, anything traversing the public internet is secured.
    Jeff

  • Any Problems using SSL with Safari and the move with Internet explorer to require only TLS encryption.

    Any Problems using SSL with Safari and the move with Internet explorer to require only TLS encryption.

    Hi .
    Apple no longer supports Safari for Windows if that's what you are asking >  Apple apparently kills Windows PC support in Safari 6.0
    Microsoft has not written IE for Safari for many years.

  • Connecting Using SSL Authentication Without Username and Password

    Hi,
    We're on RedHat Linux 4.0 using 10.2.0.3 (server/client). We're trying to figure out a way to connect to the database using instantclient and JDBC-OCI and SSL authentication without using a username or password. According to the documentation this should be possible but no sample code is given.
    LD_LIBRARY_PATH is set /opt/app/oracle/product/10.2.0/db_1/lib:/usr/lib:/home/oracle/instantclient where the instantclient was installed from the 10.2.0.1 client software
    and we are using JDK version 1.6.0_03.
    We're also referencing the following paper:
    http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl_2007.pdf
    We've got our client and server wallets configured and the sample code we tried looks like this:
    import java.sql.*;
    import java.io.*;
    import java.util.*;
    import oracle.net.ns.*;
    import oracle.net.ano.*;
    import oracle.jdbc.*;
    import oracle.jdbc.pool.*;
    import java.security.*;
    import oracle.jdbc.pool.OracleDataSource;

    // Class wrapper added so the posted snippet compiles; the class name is arbitrary.
    public class SslAuthTest {
        public static void main(String[] argv) throws Exception {
            DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
            Security.addProvider(new oracle.security.pki.OraclePKIProvider());
            System.setProperty("oracle.net.tns_admin", "/opt/app/oracle/product/10.2.0/db_1/network/admin");
            // Thin-driver URL as posted; this is the version that throws the error quoted below.
            String url = "jdbc:oracle:thin:@orcl";
            java.util.Properties props = new java.util.Properties();
            // Authenticate with the SSL certificate (TCPS) instead of a password.
            props.setProperty("oracle.net.authentication_services", "(TCPS)");
            props.setProperty("javax.net.ssl.trustStore",
                "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/server/cwallet.sso");
            props.setProperty("javax.net.ssl.trustStoreType", "SSO");
            props.setProperty("javax.net.ssl.keyStore", "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client/cwallet.sso");
            props.setProperty("javax.net.ssl.keyStoreType", "SSO");
            props.put("oracle.net.ssl_version", "3.0");
            props.put("oracle.net.wallet_location", "(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client)))");
            System.out.println("At Here...");
            OracleDataSource ods = new OracleDataSource();
            // No user name or password is set: the wallet certificate is the credential.
            //ods.setUser("scott");
            //ods.setPassword("tiger");
            ods.setURL(url);
            ods.setConnectionProperties(props);
            System.out.println("At Here1...");
            Connection conn = ods.getConnection();
            System.out.println("At Here2...");
            Statement stmt = conn.createStatement();
            ResultSet rset = stmt.executeQuery("select 'Hello Thin driver SSL "
                + "tester ' from dual");
            while (rset.next()) {
                System.out.println(rset.getString(1));
            }
            rset.close();
            stmt.close();
            conn.close();
        }
    }
    When this code is compiled and run, the following error is thrown:
    Exception in thread "main" java.sql.SQLException: invalid arguments in call
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
    If a username and password is supplied, the code works. So does anyone have a working of using SSL to authenticate without supplying username/password?
    Thanks
    mohammed

    Hi,
    I just solved this. I noticed from another thread that I was not using the OCI driver (see below):
    String url = "jdbc:oracle:thin:@pki14";
    Once I changed it to:
    String url = "jdbc:oracle:oci:@pki14";
    The code worked perfectly. One more setting that you'll have to do is to create the user you want to connect as externally:
    create user scott identified externally as
    'CN=acme, OU=development, O=acme, C=US';
    grant connect,create session to scott;
    Note that the DN should be the same as the SSL certificate that you created in your wallet.
    hth
    mohammed

  • Is there any way to config iws6.0 to connect to LDAP directory using SSL client and server authentication.  Only SSL server authentication worked when I tried.

    As my previous question, I followed the following instructions to setup up connection between iws and an LDAP server.
    "Using SSL to Communicate with LDAP
    You should require your Administration Server to communicate with LDAP using SSL. To enable SSL on your Administration Server, perform the following steps:
    1.Access the Administration Server and choose the Global Settings tab.
    2.Click the Configure Directory Service link.
    3.Select Yes to use Secure Sockets Layer (SSL) for connections.
    4.Click Save Changes.
    5.Click OK to change your port to the standard port for LDAP over SSL. "
    Q1. Any other steps needed to setup client authentication (or mutual authentication)?
    Q2. Do I need to enable security for connection groups in order to have this setup to work?

    Check out:
    http://docs.iplanet.com/docs/manuals/enterprise/60sp1/ag/esecurty.htm#1008113
    You will need to turn on Client Auth as described above. Hope it helps.

  • What is "use SSL" and "S/MIME" mail settings for?

    What is "use SSL" and "S/MIME" mail settings for?

    it has do with encrypting your mail when sent over the web

  • Unable to use SSL between Access Manager and Directory Server

    I am trying to set up Access Manager to use SSL when communicating with Directory Server. Access Manager 7 is running under Sun Web Server 6.1. I have configured Directory Server to use SSL using a Self-Signed CA and have imported the CA certificate into the certificate database for Web Server. When I change the Access Manager configuration as specified in the Admin Guide to use SSL and restart the Web Server, Access Manager fails with the message
    (among many others)
    netscape.ldap.LDAPException: SSL connection to
    eauth1.arc.nasa.gov:636, SSL_ForceHandshake failed: (-8157) Certificate extension not found. (91); Cannot
    connect to the LDAP server
    I am able to connect to the Directory Server instance with JXplorer using SSL (with a complaint about an unknown CA). Can someone explain the error message so that I can fix the problem or work around it?
    Thanks

    In the initial part of AMConfig.properties, you'll find an entry similar to trustSSLCerts. This, by default, is set to false. Try setting it to true (AM web server instance will need a restart). This lets AM continue with SSL handshaking in spite of errors. Am not sure if this affects AM to DS connectivity as well. It sure affects AM to AM communication (in a multiple server configuration).
    Naturally, it is not recommended that you use this feature when you are ready for production, but at least it'll let you be sure that apart from the cert issue, everything else is okay.
    Hope this helps.

  • I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server.

    I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server. No idea how to do anymore. Already tried to figure out. But not work. Can anyone pls help me?

    Nope, doesn't pass verification. I get the spinner for a minute or so, then the alert about setting it up without SSL. Are you suggesting I disable Fetch and Push BEFORE I enter the account details? Because I never get past the account details screen, unless I choose "Set up without SSL" after the warning.

  • Anyone using SSL and successfully getting RSS updates about WIKI changes

    My group was hoping to use Mac Mini servers for WIKI and group collaboration servers, but I've run into problems. We're security conscious, so we keep the web & wiki server locked-down using SSL (by redirecting port 80-->443, using instructions found in these forums). That part seems to work ok. But we really want (and my boss REALLY wants!) to have a working RSS feed so he gets notifications in his Mac Mail when wikis are updated. I've had no real success getting this to work reliably. Sometimes I'll get updates in osx Mail, but other times, it won't update. I can't put my finger on the flakiness.
    1) Does anyone have this configuration working reliably, that is, Can it be done? Or should I give up and return these two mac mini servers.
    2) If so, any hints or tips as to how to get a reliable RSS feed over SSL?
    Thanks much,
    Rick.

    I have it working reliably in Firefox, but not in Mail. Mail seems to have issues with something, either the SSL or the authentication or both. So if he would be OK having it in his FF/Safari bookmarks or in his bookmark bar, that should work.

  • Im trying to set up email on my iphone4 and it is saying "cannot connect using SSL" what does this mean?? what am i doing wrong because i cannot set up email??

    How do I set up email on my iPhone??? It says "cannot connect using ssl", what's this mean, I can't receive or send emails coz of this

    Try just choosing yes when it says that.  And yes if you get it a second time.  Lots of mail providers don't use SSL.

  • Confused about the 11g R2 Forms Server and using SSL

    All,
    I just installed the 11g R2 Forms Server software without configuring it.
    I then ran the config.sh script to configure it which creates a weblogic server domain.
    I'm a bit confused now. If I run opmnctl status command I get the following:
    Processes in Instance: frmrep_inst_1
    --------------------------------------------------------------+---------
    ias-component | process-type | pid | status
    --------------------------------------------------------------+---------
    emagent_frmrep_inst_1 | EMAGENT | 28279 | Alive
    RptSvr_eiaorapptest_frmrep_ins | ReportsServerComp~ | 28124 | Alive
    ohs1 | OHS | 27831 | Alive
    This looks to me like there is an Oracle Http Server installed.
    Is the Oracle Http Server answering web calls when I run forms or is the WebLogic Server answering the call?
    Also, the Oracle Forms Installation Documentation talks about securing your environment with Oracle Identity Manager but we are not using Oracle Identity Manager. I want to use SSL but I'm not sure how to secure the environment with SSL. Do I need to configure the WebLogic server to use SSL or the OHS?
    Any help would be greatly appreciated.
    Cheers

    Fusion Middleware 11.1.x does include HTTP Server (OHS) and also requires WLS. Both HTTP Server and WLS are http listeners, amongst other things. So whether WLS handles a request or HTTP Server does it will be entirely up to you and/or the end-user.
    OHS has a listener which by default (in FMw) listens for requests on port 8888. On the other hand WLS_FORMS is preconfigured to listen on port 9001.
    This means that if your URL looks like the following, WLS_FORMS will directly answer the client:
    http://server:9001/forms/frmservlet?form=abc
    If the URL looks like the following, the HTTP Server will reply:
    http://server:8888/forms/frmservlet?form=abc
    The request path when using OHS as the listener to call Oracle Forms would look like this:
    CLIENT --- OHS --- WLS_FORMS --- FORMS SERVLET --- FORMS RUNTIME (frmweb.exe) --- DATABASE
    The request path when using WLS_FORMS as the listener to call Oracle Forms would look like this:
    CLIENT --- WLS_FORMS --- FORMS SERVLET --- FORMS RUNTIME (frmweb.exe) --- DATABASE
    Although removing OHS from the path would seem to be better because it is one less server to administer and less system resources consumed, generally it would be argued that the advantages of having it will outweigh the disadvantages.
    There are numerous advantages to use OHS in front of WLS, but the most obvious should be that OHS can be set up so that you have one and only one entry point into your FMw environment. In other words, even though for example Forms WLS listens on 9001 and Reports on 9002 and some other app on 9999, all requests can be routed through a single OHS port (e.g. 8888). This gives added security since only one port would need to be open assuming a firewall was in place. This configuration is also helpful when calling one application from another. For example when calling Reports from Forms. If you use OHS, references to other WLS managed servers can be called with a relative reference rather than a fully qualified one.
    Regarding whether or not SSL needs to be enabled at any particular point in the path is entirely up to you. You can enable SSL from the client all the way back to the db or anywhere in between. It is fairly common to see SSL between the client and OHS then no SSL to WLS. But if security is a great concern then you may want to consider SSL from front to back. However, keep in mind that SSL comes at a price. Performance will degrade slightly when SSL is enabled.
    Also, OAM (Oracle Access Manager) has nothing to do with SSL. SSL refers to traffic encryption. OAM is for authentication - single sign on.
    Consider reviewing the Forms Deployment Guide as well as the other Fusion Middleware documents referenced within it.
    http://docs.oracle.com/cd/E24269_01/index.htm
    Finally, and most important, this topic really has nothing to do with Oracle Forms. This is more about how a web server or its environment works.
