SSL Accelerators and WLS???

The web applications that I'm being asked to build will involve heavy
use of SSL encryption throughout. In fact, most of the user interactions
will be handled over an SSL connection. I know what heavy SSL traffic
can do to CPU utilization...

One of the architectural components that we are considering is the use
of hardware SSL accelerators. We're considering this as a way to make
the user interaction snappier and to support more concurrent users on a
single web/app server.

The one that we are considering is nFast from http://www.ncipher.com/.
It supports Netscape Enterprise on Solaris, which is our probable
development/deployment environment. This would, of course, preclude us
from using WLS as the web server.

Question #1: In heavily SSL-ified web applications, does BEA recommend
the use of an external web server, or will WLS-as-http-server handle the
job just as well as NES? What experiences have people had using
WLS-as-http-server in SSL-intensive environments?

Question #2: Are there any SSL accelerator products out there that
support the WLS HTTP server? I doubt there are, but it couldn't hurt to
ask.

Question #3: By using an external web server (NES on Solaris, for
example) is there a noticeable decrease in servlet performance due to the
fact that your servlets are now running in a separate process?

Thanks for your feedback,
jason

We are using this box in production. It's very simple, it significantly
increases load times, and it simplifies the backend architecture since you
won't have to worry about https, every request is turned into an http
request. It's around 13K, but I would think the benefits are worth the money
for anything but lightly loaded sites.
-eric
[email protected]
"Herman Burema" <[email protected]> wrote in message
news:[email protected]..
Intel seems to have an interesting product. It's called Intel NetStructure
7180 e-Commerce Director. It's a bit pricy. Please let me know if anyone knows
an alternative.
http://www.intel.com/network/products/director_7180.htm
Russell Castagnaro wrote:
Aren't there some products that just do all of the SSL and the server
just acts like a standard http server??
Bryan O'Sullivan wrote:
j> me 4
We are aware that customers want this feature, don't worry. The
problem is that the integration between Java SSL products and hardware
from vendors like Rainbow and NCipher is immature at the moment, so
it's a lot of work for us to get this done.
It is pretty high on our list, though, so you will see something just
as soon as we've built and tested it.
<b
Let us pray:
What a Great System.
Please Do Not Crash.
Russell Castagnaro
Chief Mentor
SyncTank Solutions
http://www.synctank.com
Earth is the cradle of mankind; one does not remain in the cradle forever
-Tsiolkovsky

Similar Messages

  • SSL Acceleration between iPlanet and WLS

    I was wondering if anybody has successfully deployed a SSL accelerator card for SSL acceleration between iPlanet and WLS?

    This is a feature in the latest release, WebLogic Server 6.1.0
    <http://e-docs.bea.com/wls/docs61/////adminguide/nsapi.html#101168>. It is
    not available for WebLogic Server 5.1.0.
    Regards,
    -- Ian
    "Abhinandan" <[email protected]> wrote in message
    news:3ba5dfa9$[email protected]..
    > Can i get SSL communication between iPlanet and Weblogic 5.1? if yes then
    > how??

  • Nortel (Alteon) ISD SSL Accelerators

    Hi everybody. Just wondering if somebody can share their experience
    configuring a pair of Nortel (Alteon) Load Balancers and ISD SSL
    Accelerators to work with WLS 6.1 SP1.
    According to the Nortel Systems Engineer, in order to off-load the HTTPS
    traffic to the accelerator, I need to create two listeners for clear traffic
    and another listener for SSL traffic. The first clear listener is used for
    normal HTTP traffic. In that situation, the browser sends up normal HTTP to
    the load balancer. The load balancer routes the HTTP traffic to WLS.
    In the case of HTTPS traffic, the load balancer sends the HTTPS traffic to
    the ISD. The ISD performs the SSL handshake, the decryption, etc. Once the
    traffic is in the clear, the ISD sends the (clear) traffic back to the load
    balancer which then forwards the (clear) request to the second (clear)
    listener. This apparently is needed so that (1) the WLS instance gets to
    process clear traffic and (2) when it replies, the load balancer knows
    to send the clear response to the ISD for encryption.
    I was wondering if that is how you set up your environment.
    Thanks.
    Bernie
    978-513-6155 (w)

  • NCA doesn't work with ssl accelerators

    I am trying to implement NCA on apache 2.0 on solaris 10. It seems to work fine, except for https - we use ingrian ssl accelerators. The apache website comes up fine and everything works, except ssl just keeps timing out. Has anyone got this feature to work using ssl accelerators?

    Hi Sanjit,
    I've tried this on multiple PCs and get the same problem everywhere.
    See picture with IE11 and chrome.
    Sincerely,
    Davy

  • SSL Accelerators Anyone?

    Hi,
    we're currently using version 6.2 of the portal software. We're trying to get it to work together with an SSL accelerator (Sun 4000/internal card).
    The SSL accelerator seems to work ok for a webserver on the same machine.
    But for the gateway we went through the whole process of the manual. All config goes well, but when starting the gateway it never asks for a password to access the sra-keystore.
    P.S.
    I know that there is a design document stating that SSL accelerators don't work with portal, but why put it in the manual and have activation switches ;-)
    I think what they mean is that it does not normally do acceleration of the bulk encryption. the 4000 card can do this but you need to change the default cipher for this to work.

    What hardware acceleration are you using and what performance problems are you using ?

  • Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

    After updating to 10.7.2, I cannot access any site over an SSL connection and fail to open Safari and Keychain unless I restart the computer and log in with the Guest account.
    OS:10.7.2
    Macbook Pro 2010-mid 13inch

    I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
    Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
    I'm also using a Macbook Pro 13-inch mid 2010.

  • SSL certificates and Web Services Usage inside Oracle Database Questions!

    We have implemented a specific business logic using PL/SQL for our client, so we open a file and process each line of this, doing something in the Database and also call a Web Services (Service1) using UTL_HTTP package. Service1 runs in a Windows 2008 Server in the DMZ as Database server.
    Service1 is already working, and we can call the service from PL/SQL without troubles.
    However, according to the client's security policies, all web services must be consumed via https, including Service1, so we must follow the procedure established for Oracle in order to enable calling Service1 via https from the database.
    Our client's DBA and IT team are concerned about two subjects before continuing with the certificate installation:
    - SSL certificates:
      1- Can installed certificates in the database put the stability of the database at risk?
      2- Can installed certificates in the database generate performance issues?
      3- Can installed certificates reloading the Databases?
      4- Can installed certificates in the database generate security issues?
    - Web services:
      1- Can calling web services from the database put the stability of the database at risk?
      2- Can calling web services from the database generate performance issues?
      3- Can calling web services from the database generate security issues in the DMZ?
    Could you please give us any clues about the possible negative impact related to SSL certificates and web services usage inside Oracle Database, if such an impact exists?
    Those are the links describing the procedure mentioned above.
    1 -http://www.kotti.es/2009/11/oracle-wallet/
    DB: Oracle 9i.
    Average number of lines in file: 300
    Periodicity: Twice a day.

    Thiago:
    You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
    I am not aware of a PL/SQL utility to create a XMLDsig Standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
    http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
    Regards,
    Jason

  • WebDev Install with JDeveloper and WLS

    I'm familiar with the installation of a JDE WebDev Client and now I've been tasked with a JDeveloper 11.1.1.2 and WLS install. Is there any good guides on how to set this up?
    EnterpriseOne 811
    Tools 8.98.3.1
    Any help would be greatly appreciated.
    Thank you,
    Al

    Hi Al,
    Try this:
    https://support.us.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1302209.1
    This doc explains what components you need to have on a E1 Client that will be used to build and deploy BSSV Packages to a Bus Services Server. The Combination of JDeveloper and WLS probably indicates that you are intending to setup a Bus Services Server. However, this is only supported as of 811SP1.
    If you are running 811SP1, the process of setting up a Bus Services Server involves:
    - defining a BSSV instance via Server Manager
    - setting up a E1 Client with JDeveloper that will be used to build and deploy a Business Services Package
    The following doc has useful links to the MTRs for Bus Services Server as well as other useful resources on BSSV.
    https://support.us.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=967281.1

  • Dr.Watson troubling me and WLS 5.1  ?!?!?!?!?!

    I have installed Weblogic 5.1 with Service Pack 2 and often the Dr.Watson error message is displayed. The Weblogic Server is then shut down. Any solution for me, friends!

    Hi,
    can you post some more details? Which Virtual Machine (java
    -fullversion), which database driver? Any other native code? When will
    Dr. Watson occur? When starting the server or after a while?
    Daniel
    -----Original Message-----
    From: shivakumar [mailto:[email protected]]
    Posted At: Tuesday, August 28, 2001 1:59 PM
    Posted To: performance
    Conversation: Dr.Watson troubling me and WLS 5.1 ?!?!?!?!?!
    Subject: Dr.Watson troubling me and WLS 5.1 ?!?!?!?!?!
    I have installed Weblogic 5.1 with Service Pack 2 and often
    the Dr.Watson error message is displayed. The Weblogic Server
    is then shut down. Any solution for me, friends!

  • Building /deploying sample plugin in WLI 2.1 and WLS 6.1

    I'm running WLI 2.1 (service pack 1) and WLS 6.1. I'm trying to build and deploy
    the sample plugin (sampleplugin-ejb.jar) but have had numerous problems.
    Specifically, though there are no errors and the WLS admin console tells me the
    plugin is deployed I cannot actually see any of the plugin actions etc. on the
    WLI Studio and am told that the plugin is not loaded when I open the template
    definitions.
    I've even resorted to deploying the version of the plugin bundled in WLI_HOME\lib\sampleplugin-ejb.jar
    i.e. one I didn't build myself but again, although there are no errors, the plugin
    does not seem to be correctly loaded.
    In order to get this far I've had to include the plugin jar file in the server
    CLASSPATH. Otherwise I get an 'java.lang.NoClassDefFoundError: com/bea/wlpi/common/plugin/PluginObject'
    error. I know I shouldn't have to include the EJB in the CLASSPATH but it seems
    to resolve this error. Perhaps this is contributing to the other problem ????
    Any help gratefully appreciated. Has anyone successfully built and deployed the
    sample plugin to WLI 2.1/ WLS 6.1 ?

    I found WLI sp2.
    Thanks.
    Sangeetha
    "Sangeetha.R" <[email protected]> wrote in message
    news:[email protected]..
    Thanks Chris.
    But, I couldn't find this in the support downloads too.
    Could you let me know, from where can I download this?
    Thanks,
    Sangeetha
    "Chris Stead" <[email protected]> wrote in message
    news:[email protected]..
    Sangeetha,
    WLI 2.1 SP2 will go live tomorrow (7/31) and is compatible with WLS 6.1SP3.
    Cheers,
    Chris
    Sangeetha.R wrote:
    Is there a service pack for WLI 2.1 that is compatible with WLS 6.1
    sp3
    Thanks in advance.
    Sangeetha

  • Folding accelerators and pop-up menu for non-Java files?

    For Java files, 11g honors the expand/collapse accelerators and displays an expand/collapse menu when right-clicking in the gutter for the +/- folding handles. For other files (HTML, CSS, JavaScript, etc.), the folding handles are present, but neither the accelerators nor the menu are available. Is there a way to config JDev to make that work? Thanks.

    Thanks for reporting - I filed bug 7719290 for this

  • SSL Session and Connection

    What is the difference between an SSL session and a connection? I understand that the session is the negotiation of parameters and connections are built upon the sessions. But please help me understand how it works in practice, as in when using an AnyConnect client or a browser: how does it function?

    How about something like:
    // It appears there may be issues with TLS...
    // so to prevent it from being used, we'll be
    // specific...SSLv3
    SSLContext context = SSLContext.getInstance("SSLv3");
    context.init(kmFactory.getKeyManagers(), null, null);
    SSLSocketFactory ssf = context.getSocketFactory();
    com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
    That do ya?
    -michael

  • SSL termination and redirect

    We have moved SSL termination to a loadbalancer (F5) from the Sun webservers. The load balancer after terminating SSL goes to the http listener on the webservers. We have some NSAPI code that does a redirect. It used to do the redirect based on the original scheme of the listener (if http then the redirect was http based. If https then redirect https). Of course, now all redirects come back http even though the user may have an https session.
    For weblogic we can feed a header from the F5 (WL-PROXY-SSL) and it would recognize that a load balancer was used for SSL termination and perform java redirects using the correct scheme. Is there any header like this I can feed to the Sun Webserver so it recognizes that a loadbalancer has terminated the SSL session and any redirects should be https?

    It might be easiest to configure separate HTTP listeners (e.g. separate ports) for SSL and non-SSL requests. You can configure which scheme should be used in self-referencing URLs (such as those used in redirects) per HTTP listener. In Sun Java System Web Server 7.0, you can do that using the admin GUI, CLI, or by editing the server.xml configuration. If you edit server.xml, you need to specify the <server-name> element in the appropriate <http-listener> element.
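
The scheme decision that the question describes for WebLogic (the load balancer feeds a header after terminating SSL), as an added example that is not code from this thread or from either product. The proxy addresses, the host name and the class and method names are assumptions made for illustration; it needs Java 9 or later.

```java
import java.util.List;
import java.util.Map;

public class OffloadRedirect {

    // Assumption: back-end addresses of the SSL-terminating load balancer (constructed values).
    static final List<String> TRUSTED_PROXIES = List.of("10.0.0.10", "10.0.0.11");

    // Assumption: the site's canonical host name, taken from configuration and never
    // from the request's Host header (constructed value).
    static final String CANONICAL_HOST = "www.example.com";

    // Header the load balancer adds after terminating SSL, as named in the question.
    static final String SSL_HEADER = "WL-Proxy-SSL";

    /** True only when the direct peer is the load balancer and it says the client used SSL. */
    static boolean clientUsedSsl(String peerAddr, Map<String, String> headers) {
        if (!TRUSTED_PROXIES.contains(peerAddr)) {
            return false; // any other peer could have set the header itself
        }
        for (Map.Entry<String, String> h : headers.entrySet()) {
            if (SSL_HEADER.equalsIgnoreCase(h.getKey())) { // header names are case-insensitive
                return "true".equalsIgnoreCase(h.getValue().trim());
            }
        }
        return false;
    }

    /** Builds the absolute redirect target with the scheme the browser originally used. */
    static String redirectTo(String peerAddr, Map<String, String> headers, String path) {
        // Accept only a local absolute path: no scheme-relative "//host" or "/\host" and
        // no CR/LF, so the Location header can neither leave the site nor be split.
        if (!path.startsWith("/") || path.startsWith("//") || path.startsWith("/\\")
                || path.indexOf('\r') >= 0 || path.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("not a local path");
        }
        String scheme = clientUsedSsl(peerAddr, headers) ? "https" : "http";
        return scheme + "://" + CANONICAL_HOST + path;
    }

    public static void main(String[] args) {
        // Constructed requests: peer address and headers as the back end received them.
        Map<String, String> viaSsl = Map.of("wl-proxy-ssl", "true");
        Map<String, String> plain = Map.of();

        // HTTPS terminated at the load balancer, clear HTTP to the back end.
        System.out.println(redirectTo("10.0.0.10", viaSsl, "/account"));
        // Plain HTTP through the load balancer.
        System.out.println(redirectTo("10.0.0.10", plain, "/account"));
        // Header sent from an address that is not the load balancer, so it is not trusted.
        System.out.println(redirectTo("203.0.113.7", viaSsl, "/account"));
    }
}
```

The load balancer also has to strip any copy of the header that arrives from the client before adding its own, and the clear-text listener should accept connections only from the load balancer.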

  • Disable SSL v2 and weak ciphers on a RV325 for PCI compliance

    How do you disable SSL v2 and weak ciphers on a RV325 to become PCI compliant?

    Hello
    Per the Cisco RVS4000 product site information, this router has been end of life since January 30, 2010. The last date of support has also already passed: April 30, 2013. This means that, according to Cisco policy, no further updates to the existing firmware will be made, not even security-related fixes. And I am afraid that this is a fact you have to deal with.
    Regarding the RV320: it seems there is no possibility to restrict the SSL/TLS protocol/version yourself in the current version. Francis, I would recommend that you open a service request with Cisco SMB Support if you still have a valid support contract. I hope there is a good chance of getting it fixed, as this is a security-related inability.
    Lastly, for all products (including the RVS4000), I would suggest keeping the management interface of the router as separated as possible, i.e. restrict access to the management interface to a single subnet/host(s) only (via the Firewall feature). Having an administration/management subnet, with only certain client(s) being part of this subnet, can help to avoid eavesdropping on your connection to the router. Of course, disabling remote management is the best thing you can do in any case (including to avoid possible firmware bugs, login attempts and so on).

  • 2 quest ssl offload and DR

    1. ssl offload - how do I secure clear text pwd sent from ACE to serverfarm?
    2. If 2 DR site say CA and UK, and CA has earthquake, can pair of ACE be design to keep website going in UK.

    Hi,
    1/ ACE can be configured to setup a second ssl tunnel and encrypt data between ACE and server. For more details:
    http://www.cisco.com/en/US/partner/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/ssl/guide/initiate.html
    Is this what you are looking for?
    2/ Where are the ACEs? Are they load balancing traffic to servers in both CA and UK?
    --Olivier
