Something wrong with my SSL reverse proxy config.  HELP!

Using Sun ONE Web Proxy Server 3.6-SP6
1. Got Wildcard SSL Certificate from Verisign
2. Ran sec-key
made alias
used password from Verisign
3. Installed certificate
Used "Trusted Certificate Authority (CA)"
Pasted Cert in "Message Text (with headers)"
4. Verified Certificate install in "Manage Certificates."
5. Created regular and reverse mappings.
When I try to turn on encryption, it says:
Unable to read key file (9)
What did I do wrong? I appreciate help from anyone.
-ba

What is the OS?
If it's Solaris, a truss will give you more details on the error.
Verify the rights on your folder alias and all its contents.
Can we have a more detailed error log file from when you try to start the Proxy instance?
Another remark:
In the Admin Guide the scenario is called "Setting up a secure reverse proxy".
The problem is that if the Webserver requests Client-Authentication
within the SSL-Handshake, the Proxy-Server has to present a cert signed as Client-Cert.
Solution:
- Proxy Server owner has own CA.
Create CSR within Proxy Server and let the CSR be signed as Client Cert.
- Proxy Server owner does not have own CA.
Choose a CA which allows getting client certs using a CSR (e.g. tctrustcenter)
Create CSR within Proxy Server; as the common name use your name/Email=your.name@yourdomain
Get the client cert at the CA using this CSR
Import the cert into the Proxy Server.
Create regular and reverse mappings
e.g regular: http://test.content.org https://test.content.org
reverse: https://test.content.org http://test.content.org
Choose "initialize certificates only" at security settings for proxy instance.

Similar Messages

  • CSS110501 - CE590 (ACNS 5.1), reverse proxy config issue

    Guys,
    I'm trying to get the following to work:
    Client on internet (no explicit proxy config) is connecting to a webserver. The VIP resides on the CSS which has a reverse proxy config pointing to the CE590.
    |Client|
    |
    |
    | CSS |----------| CE590 |
    |
    |
    | Web |
    I used the config from the Cisco web, but I can't get it to work.
    I can connect to the webserver, but it looks like the CE590 is not acting as a proxy, at least not completely.
    Because it looks like it 'hangs' on collecting the graphics.
    This is my config on the CSS:
    service bktpce1
    protocol tcp
    port 80
    no cache-bypass
    ip address 192.168.0.2
    type transparent-cache
    active
    eql cacheable
    description "This EQL contains extensions of cacheable content"
    extension pdf "Acrobat"
    extension fdf "Acrobat Forms Document"
    extension au "Sound audio/basic"
    extension bmp "Bitmap Image"
    extension z "Compressed data application/x-compress"
    extension gif "GIF Image image/gif"
    extension html "Hypertext Markup Language text/html"
    extension htm
    extension js "Java script application/x-javascript"
    extension mocha
    extension jpeg "JPEG image image/jpeg"
    extension jpg
    extension jpe
    extension jfif
    extension pjpeg
    extension pjp
    extension mp2 "MPEG Audio audio/x-mpeg"
    extension mpa
    extension abs
    extension mpeg "MPEG Video video/mpeg"
    extension mpg
    extension mpe
    extension mpv
    extension vbs
    extension m1v
    extension pcx "PCX Image"
    extension txt "Plain text text/plain"
    extension text
    extension mov "QuickTime video/quicktime"
    extension tiff "TIFF Image image/tiff"
    extension tar "Unix Tape Archive application/x-tar"
    extension avi "Video for Windows video/x-msvideo"
    extension wav "Wave File audio/x-wav"
    extension gz "application/x-gzip"
    extension zip "ZIP file application/x-zip-compressed"
    content p_cm_vip-prod-appl-www
    protocol tcp
    port 80
    vip address 123.13.112.56
    add service x-appl-server1
    active
    content p_nc_vip-prod-appl-www
    sticky-inact-timeout 15
    add service x-appl-server1
    port 80
    url "/*"
    protocol tcp
    vip address 123.13.112.55
    active
    content p_rp-vip-http-web
    protocol tcp
    port 80
    url "/*" eql cacheable
    add service bktpce1
    vip address 123.13.112.55
    active
    This is the config on the CE590:
    ! ACNS version 5.1.15
    http proxy outgoing host 123.13.112.56 80 primary
    http l4-switch enable
    interface FastEthernet 0/0
    ip address 192.168.0.2 255.255.255.248
    no autosense
    bandwidth 100
    full-duplex
    no cdp enable
    exit
    ip default-gateway 192.168.0.1
    no bypass load enable
    rule action use-proxy 123.13.112.56 80 pattern-list 1 protocol all
    Do I need to configure something else?
    Regards,
    Edwin

    I can see traffic hitting the VIPs:
    p_cm_vip-prod-ap Active x-appl-server1 5827
    p_nc_vip-prod-ap Active x-appl-server1 1574
    p_rp-vip-http-we Active bktpce1 1149
    When I look in the apache error logs there are no entries.
    When I look in the apache access logs I only see the following entries from my client host:
    82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET / HTTP/1.1" 200 5296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
    82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /outerframe.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC HTTP/1.1" 200 3624 "http://preprod.daarginds.nl/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
    82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /main.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC HTTP/1.1" 200 36569 "http://preprod.daarginds.nl/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
    82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /js/dropdown_initialize.js.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC HTTP/1.1" 200 228 "http://preprod.daarginds.nl/main.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
    82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /js/dropdownC.js.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC HTTP/1.1" 200 15928 "http://preprod.daarginds.nl/main.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
    82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /css/daarginds.css HTTP/1.1" 304 - "http://preprod.daarginds.nl/main.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
    When I do a tcpdump on destination port 80 on the server, I see the following:
    preprod.daarginds.nl.http: . ack 52149 win 64860 (DF)
    10:34:05.957776 82.4.195.39.6242 > preprod.daarginds.nl.http: . ack 10204 win 64860 (DF)
    10:34:06.058767 82.4.195.39.6242 > preprod.daarginds.nl.http: P 1403:1905(502) ack 10204 win 64860 (DF)
    10:34:06.058777 82.4.195.39.6243 > preprod.daarginds.nl.http: R 1064:1064(0) ack 53295 win 0 (DF)
    10:34:06.070434 82.4.195.39.6242 > preprod.daarginds.nl.http: R 1905:1905(0) ack 10372 win 0 (DF)
    10:34:27.020617 192.168.0.2.55444 > preprod.daarginds.nl.http: S 1662943048:1662943048(0) win 5840 (DF)
    10:34:27.020866 192.168.0.2.55444 > preprod.daarginds.nl.http: . ack 155787170 win 5840 (DF)
    10:34:27.020889 192.168.0.2.55444 > preprod.daarginds.nl.http: F 0:0(0) ack 1 win 5840 (DF)
    10:34:27.021240 192.168.0.2.55444 > preprod.daarginds.nl.http: . ack 2 win 5840 (DF)
    So the CE is hitting the webserver (although not shown in the apache log files).
    But the 192.168.0.2 you see with the tcpdump is listed every 60 sec, and this is the is-a-live test of the CE.....
    You don't see an entry in tcpdump or in the apache log files when hitting the server with a browser.
    Edwin
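
An added example, not part of Edwin's post or of any Cisco tooling: a Python check that sorts origin access-log requests by whether their URL extension is in the post's `eql cacheable` list and whether they arrived from the CE590's address. It assumes origin fetches made by the CE appear with source 192.168.0.2 and simplifies EQL matching to the final path extension; the function names are hypothetical.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import urlsplit

# Extensions from the "eql cacheable" block of the CSS config in the post.
EQL_CACHEABLE = frozenset("""
pdf fdf au bmp z gif html htm js mocha jpeg jpg jpe jfif pjpeg pjp mp2 mpa
abs mpeg mpg mpe mpv vbs m1v pcx txt text mov tiff tar avi wav gz zip
""".split())

CE_ADDR = "192.168.0.2"  # CE590 interface address from the post

# Leading fields of an Apache combined-format line: source, request, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Requests and client address from the access-log excerpt in the post;
# referrer and user-agent fields are shortened to "-" for this example.
_Q = "?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC"
_REQS = [
    ("/", 200, "5296"),
    ("/outerframe.php" + _Q, 200, "3624"),
    ("/main.php" + _Q, 200, "36569"),
    ("/js/dropdown_initialize.js.php" + _Q, 200, "228"),
    ("/js/dropdownC.js.php" + _Q, 200, "15928"),
    ("/css/daarginds.css", 304, "-"),
]
SAMPLE_LOG = [
    '82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET %s HTTP/1.1" %d %s "-" "-"' % r
    for r in _REQS
]


def eql_match(target):
    """True if the URL path's final extension is in the EQL.

    Assumption: a simplified model of the CSS rule `url "/*" eql cacheable`
    (case-insensitive compare on the last extension, query string ignored).
    """
    path = urlsplit(target).path
    ext = posixpath.splitext(path)[1].lstrip(".").lower()
    return ext in EQL_CACHEABLE


def classify(lines, ce_addr=CE_ADDR):
    """Count requests by EQL match and by arrival path (via CE or direct)."""
    tally = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            tally["unparsed"] += 1
            continue
        kind = "eql" if eql_match(m["target"]) else "non_eql"
        path = "via_ce" if m["src"] == ce_addr else "direct"
        tally[kind + "_" + path] += 1
    return tally


def diagnose(tally):
    """Reduce the tally to one verdict about the cache leg."""
    if tally["eql_via_ce"]:
        return "ce-fetching"        # CE is retrieving EQL content from origin
    if tally["eql_direct"]:
        return "eql-bypassing-ce"   # EQL content reaches origin without the CE
    # Either every EQL object is a cache hit, or the CE never reaches origin.
    return "no-eql-at-origin"


if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    print(dict(result), diagnose(result))
```

On the excerpt from the post every logged request is `/`, `.php` or `.css`, none of which the EQL matches, so the access log only shows the non-cached leg; the graphics that hang are exactly the requests steered to the CE.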

  • Reverse Proxy Configuration - Apache as an SSL reverse-proxy

    Hi,
    We have EP 6.0 SP 14 installed with SSL configured.
    We are in need to open the application to internet.
    For the same we have set up a reverse proxy server (Apache as SSL
    Reverse Proxy).
    Our requirement is to open the application to the internet with
    web address https://abc.domain.com.
    The issue is we are able to access the application from internet only when
    https://abc.domain.com/irj/potal is typed.
    (ie.) Mapping is working fine for
    https://abc.domain.com/irj/portal to
    our EP Portal address https://abc2.domain.com:50001/irj/portal
    And not working for mapping https://abc.domain.com to our EP Portal
    address https://abc2.domain.com:50001/irj/portal
    We have been working on to resolve this issue for days together but have been really unsuccessful
    Kindly help us in resolving the same asap.
    Note : The references we used are:
    1. SAP's document:
    "Apache Reverse Proxy Configuration for J2ee 6.20 and 6.40 Web Applications"
    2. Weblogs:
    The Reverse Proxy Series -- Part 1: Introduction
    The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
    The Reverse Proxy Series -- Part 3.1: Apache as an SSL reverse-proxy
    Regards,
    venkat.

    Thanks much for the feedback. We're using the default settings on the HTTP rule we have set up for the portal on the ISA server. We'll be looking into the details of what the default rule settings are, however we did find a note in the Microsoft Knowledge base dealing with the ISA server screening high bits in URL strings for Outlook Web Access (OWA). This generates a similar error message. Here is the link to the detailed note on the Microsoft web site:
    http://support.microsoft.com/?scid=kb;en-us;837865
    Also, we are going to be applying the SP1 upgrade to the ISA server (released in March) to see if this might be some type of issue that may have been identified and corrected by the service pack. We'll see what happens with that.
    One area where we can recreate the problem at will is when we set up the system landscape configuration. We can navigate to a system configuration object, however when we attempt to right click to edit the object we get the error. There are other circumstances where we get errors but that is one that occurs for sure. Anyone have any idea as to what might be special about that type of transaction??
    Thanks again.
    Rich

  • My phone won't let me download anything, even free stuff or updates. It keeps saying something is wrong with my billing info, so I fixed it but still can't download. I signed out and signed back in, still nothing. Please help, I'm getting angry

    My phone won't let me download anything, even free stuff or updates. It keeps saying something is wrong with my billing info, so I fixed it but still can't download. I signed out and signed back in, still nothing. Please help, I'm getting angry.

    If it says your billing info is wrong that means that your credit card issuer is refusing to approve your account. You will have to solve the problem with your bank or credit card company.

  • I have a Mid 2009 Macbook Pro 13 with no restore disk; it has OS 10.8.4 I believe there is something wrong with the OS due to I can not install flash player to view Youtube videos and the when we plug in a Bose headset the sound out will work sometimes

    I bought a used Macbook Pro mid 2009 that came with OS 10.8.9; it didn't have a backup restore disk. S/N W8******66D
    When trying to view some youtube videos, a window would pop up saying "it needs adobe flash player is required for video play back get the latest flash player", but after downloading the file, the installation would have errors and it will not install.....tried to reboot and install again.....but still the same.
    The other thing I had noticed is when using a good Bose headset with mic the sound output would notice the headset and then switch from headset to internal speakers and headset.....thinking that there might be something wrong with the plug in port of the computer or the headset.....the headset works with no issues on my iPad so there must be something wrong with the computer.....tried to move the plug around the port but no change....while the headset is plugged in I can hear a short clicking noise and the sound would get lost and come back again......but with nothing plugged in to the port there is no issue with the sound or mic.
    Thanks for your feedback......it looks like I have two different issues: one is a software issue and the other is a hardware issue
    <Edited By Host>

    The "restore disk" is built into the Mac. See About Recovery.
    Need more specifics about what error messages you got while installing Adobe Flash.
    However, you can almost avoid Flash altogether by setting YouTube to play the HTML5 version instead.
    Click the Try something new! link at the bottom of the YouTube page.
    I don't know about the sound issue. Might be hardware as you think. Try other headphones to check.

  • I'm not able to down load free apps without money on a credit card but the app is fee is this correct or is something wrong with my ipad

    I can not download apps that are free without money on a credit card. Is this right or is something wrong with my ipad

    Read here... https://discussions.apple.com/thread/5979741
    Keeka36 wrote:
    is something wrong with my ipad
    No.

  • There is something wrong with the volume buttons in my macbook pro, every time I press the one that raises the volume, it leads me to the screen where (I do not know what it's called) the background is black with the date and time and a calculator.

    There is something wrong with the volume buttons in my macbook pro, every time I press the one that raises the volume, it leads me to the screen where (I do not know what it's called) the background is black with the date and time and a calculator. However, when I lower it, my safari tab goes out of the screen. What do you guys think I should do? I'm getting very nervous.

    hey HAbrakian!
    You may want to try using the information in this article to adjust the behavior of your function keys to see if that resolves the behavior:
    Mac OS X: How to change the behavior of function keys
    http://support.apple.com/kb/ht3399
    Take care, and thanks for visiting the Apple Support Communities.
    -Braden

  • There is always a blue screen appears after the Apple logo during the booting process. And then everything is back to normal. What is this thing? Is there something wrong with my screen or something?

    There is always a blue screen appears after the Apple logo during the booting process. And then everything is back to normal. What is this thing? Is there something wrong with my screen or something?

    Nah - that's just the normal boot process.
    Clinton

  • I synced. All my music disappeared. Now it will only sync my apps and not my music. Is something wrong with the port on my ipod, the USB cord, or Itunes?On Itunes it says I still have all my music. :(

    I synced my ipod to my computer and all my music disappeared. I tried resyncing it and it would only sync my apps and not my music. I can't add music to my ipod. Is something wrong with the USB port in the IPOD, the USB cord, or ITUNES itself? Itunes still shows that all my music is there on my ipod. Itunes is recognizing that my ipod is connected, but it doesn't recognize that there's no music on my ipod anymore. I'm so sad. Someone please help me. I miss my music.

    The music sync is one way - computer to ipod.  The only exception is itunes purchases.
    The ipod is not a storage/backup device.  It simply mirrors the selected content of your computer.
    As the music came from your computer in the first place, it should still be there and in your backup copy of your computer.

  • "The file 'Acknowledgements.rtf' cannot be installed because the file cannot be found in the cabinet file 'iTunes.cab'.  Is there something wrong with the latest installer? (11.3.1)

    Getting error message as shown: "The file 'Acknowledgements.rtf' cannot be installed because the file cannot be found in the cabinet file 'iTunes.cab'.  Is there something wrong with the latest installer? (11.3.1)

    Installs fine for me, so I'd guess you got an incomplete or corrupt download. See the Further Information area of Troubleshooting issues with iTunes for Windows updates for direct links and download a fresh copy of the installer.
    tt2

  • Something wrong with my CD/DVD drive??

    I think there is something wrong with my CD/DVD drive. here are the things I notice:
    At time the CD drive will act up and make a little noise (same normal noise as when mac starts up) but for no reason
    When I put my mac on stand by, my CD drive decided to make some noise and then it woke the computer from sleep mode
    Any suggestions? What could be the problem here?
    Thanks.
    Dorian

    well i live in a small town so finding an apple repair service is out of the question....but i will probably just make an appointment....now my biggest problem is i cant find the receipt from best buy where i bought it from. but as soon as i got home and turned it on i registered it online and when i went to check it earlier and typed the serial number it says its still under limited warranty until january 18 2008...can i just tell them the serial number since i dont have the receipt anymore or will they charge me since i dont have the receipt? should i just buy applecare before i make an appointment and bring it in? thanks for all of your help

  • I just purchased Final Cut Pro X and I want to burn a dvd but the tabs do not see the option of SHARE. Is there something wrong with my Final Cut Pro X?

    I just purchased Final Cut Pro X and I want to burn a dvd but the tabs do not see the option of SHARE. Is there something wrong with my Final Cut Pro X?

    It's also under the File menu.

  • Just got an Ipad and am working on setting it up.  the one issue I am having with it is my screen will not rotate no matter what I do to the settings, I can't figure out if the settings are wrong or if there really is something wrong with my Ipad.

    just got an Ipad and am working on setting it up.  the one issue I am having with it is my screen will not rotate no matter what I do to the settings, I can't figure out if I have a setting wrong or if there really is something wrong with my Ipad.  any help would be greatly appreciated.

    Double click the home button (square) and all the things you did are there. Keep sliding the bar that will come up on the bottom to the left till it can't go anymore; there should be an icon looking like this. Press that and it should work.
    Good luck hope it works.

  • Is there something wrong with this table row definition?

    I am supporting a coldfusion app that manipulates several forms.  On one particular page, there is a form that consists of several tables.  The last 3 lines of the last table are
        <tr>
                <td height="35" align="right" valign="middle">Description:</td>
                <td align="left" valign="middle"><input name="tmpPurpose" class="RptStd" size="70" maxlength="100" value="" onblur="document.ExpnDtl.Purpose.value = this.value;" onchange="ChkName(<cfoutput>#Session.CCWarn#</cfoutput>)" /><input type="hidden" name="Purpose" value="" />
                             <a href="#" id="aDesc" onclick="ShowHelp('9')" style="border:none; display:inline; padding: 0px 0px 0px 0px"><img src="/images/Help_Icon.gif" height="14" width="13" border="0" /></a>
                            </td>
          </tr>
          <cfif IsDefined("form.ExpnsCntrb")>
              <tr id="CntrbErr">
                   <td colspan="2" class="Error"><cfoutput>#form.ExpnsCntrb#</cfoutput></td>
              </tr>
          </cfif>
          <tr id="expnContrib">
                  <td align="left" valign="middle" height="35" class="RptStd" colspan="2">Is expenditure a contribution to a candidate, officeholder, or political committee?    <input type="radio" name="rdoCntrb" value="Y" /> Yes    <input type="radio" name="rdoCntrb" value="N" /> No</td>
           </tr>
          <tr id="COHInfo">
              <td colspan="2" class="RptStd" align="left" valign="middle" height="35">
                  <input type="checkbox" name="chkCand" id="chkCand" value="X" onclick="if (this.checked) document.ExpnDtl.btnCOH.disabled = false; else document.ExpnDtl.btnCOH.disabled = true;" />Direct expenditure to benefit a candidate or officeholder    
                  <input type="button" name="btnCOH" value=" Enter C/OH Information " class="RptBtn" onclick="window.open('/Testing/Test_COHBenefit.cfm?Parent=' + document.ExpnDtl.ItemID.value + '&Type=EXPN&Form=' + document.ExpnDtl.ExpnCode.value, 'CandidateInfo', 'width=730px,height=475px,scrollbars,resizable,location')" disabled /> <a href="#" id="aDirExpn" onclick="ShowHelp('11')" style="border:none; display:inline; padding: 0px 0px 0px 0px"><img src="/images/Help_Icon.gif" height="14" width="13" border="0" /></a>
              </td>
         </tr>
         </table>
    Now when the form is displayed on my page, I always see the line of text Description and the line of text Direct expenditure to benefit a candidate or officeholder (in bold above).  But I never see the line of text  Is expenditure a contribution to a candidate... (in italics above).   It seems so simple but I can't figure out why that line does not display!!  Is there something wrong with that tr/td definition?

    Have you tried removing the ID?  Just to see if some CSS might be using that ID with a display:none or visibility:none statement?

  • Is there something wrong with a Oscar Gomez Fuentes 2Channel oscilloscope

    Is there something wrong with a Oscar Gomez Fuentes 2Channel oscilloscope or are my devices configured wrong. I have DAQCard-6036E and SCC-2345 with SCC-Ft01 and SCC-A10 modules. The problem is that when I am measuring with A10 it effects to FT01's RMS and DC values. But when I am measuring with Ft01 everything is ok. So what's wrong?? I attached a picture of a front panel.
    Attachments:
    front_panel.JPG ‏132 KB

    Neuvos,
    Do any of the signals you are measuring have high output impedances (> 1 kOhm)? If so, you may be seeing cross-talk (or ghosting). Below, I have included links to a number of documents that discuss this issue and methods for eliminating it:
    Data Acquisition: Troubleshooting Unexpected Voltages or Cross-talk in Analog Input Channels
    Using a Unity Gain Buffer (Voltage Follower) with a DAQ Device
    Is Your Data Inaccurate Because of Instrumentation Amplifier Settling Time?
    Good luck with your application.
    Spencer S.
