SSL Connectivity Configuration
Hi,
I installed the SSL certificates on the Windows machine where our CPO server is configured. And I also configured the web service adapter to use secured authentication on the default port.
Is there anything else I would need to configure other than the above in order to have the SSL connectivity? Also, are there any standard tests I can perform from CPO in order to validate this configuration?
Thanks,
Greg
You need to make sure you have followed all the steps on page 12 of the Northbound Web Services guide. If you have, you can test by opening a browser and going to https://<teo server>:/WS/Process?WSDL
You can test with portal feeding information in or you can run web service executes (in CPO) against it to further test.
Similar Messages
-
SSL Connection Configuration between Apache and Weblogic 8,1
I'm currently using Apache web server as a front end server for Weblogic server 8.1 and now I'm facing some configuration problem setting up the SSL connection between these 2 servers. When I open my web application page, it shows
Failure of Server Apache bridge
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
and my proxy.log shows:
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
Thu Nov 03 09:36:41 2011 <182413202842013> attempt #0 out of a max of 5
Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 790 of ../nsapi/URL.cpp]: at line 3078
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Can anyone tell me what should i do in order to correct this error? Your help is kindly appreciate!!! Please~
1) Is the managed server up?
2) from apache server are you able to bind the managed server port?
3) can you pls send the weblogic ssl configuration?
-
FTP/SSL Connection Problem for FTP Receiver Adapter
Hello All,
We are trying to establish an FTPS/SSL connection with one of our customers from our XI (Unix) system, and are receiving the following error:
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
Communication Channel Parameters:
Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
Data Connection: Passive
Port: 10021
Keystore: service_ssl
X.509 Certificate & Private Key: ssl-credentials
Note: Initial handshaking occurs but connection is being dropped by the third party FTP Server when SSL certificate credentials are being validated. We also tried connecting to the third party FTPS server using standard FTPS client(FileZilla software), this connection gets established successfully with no certificate issues which means certificate and third party FTP Server is functioning correctly.
We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
Your help and suggestions will be greatly appreciated.
Thanks and Best Regards
Prashant Rajani
Hello All,
Further in order to test connection set up and communication channel configuration we tried simulating the FTP connection locally by configuring FTP Server using FileZilla at a local machine and accessed it from Client's XI Server.
This set up simulates the problem we encounter with our customer's FTP Server.
If connection security parameter in communication channel for Sender FTP Adapter is set to "FTPs( FTP Using SSL/TLS) with Control Connection" only, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to "FTPs( FTP Using SSL/TLS) with Control and Data Connection", we receive error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and file gets created at the FTP Server but it's empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
This is what the FTP (FileZilla) sees when the XI system attempts to set-up a fully encrypted data (FTPS) connection i.e., connection security parameter value as "FTPs( FTP Using SSL/TLS) with Control and Data Connection" :-
- (not logged in) (10.18.106.34)> Connected, sending welcome message...
- (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
- (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
- (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
- (not logged in) (10.18.106.34)> AUTH TLS
- (not logged in) (10.18.106.34)> 234 Using authentication type TLS
- (not logged in) (10.18.106.34)> SSL connection established
- (not logged in) (10.18.106.34)> USER test
- (not logged in) (10.18.106.34)> 331 Password required for test
- (not logged in) (10.18.106.34)> PASS ***********
- test (10.18.106.34)> 230 Logged on
- test (10.18.106.34)> PBSZ 0
- test (10.18.106.34)> 200 PBSZ=0
- test (10.18.106.34)> PROT P
- test (10.18.106.34)> 200 Protection level set to P
- test (10.18.106.34)> SYST
- test (10.18.106.34)> 215 UNIX emulated by FileZilla
- test (10.18.106.34)> PWD
- test (10.18.106.34)> 257 "/" is current directory.
- test (10.18.106.34)> CWD /payment/
- test (10.18.106.34)> 250 CWD successful. "/payment" is current directory.
- test (10.18.106.34)> TYPE I
- test (10.18.106.34)> 200 Type set to I
- test (10.18.106.34)> PASV
- test (10.18.106.34)> 227 Entering Passive Mode (10,27,7,103,15,63)
- test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
- test (10.18.106.34)> 150 Connection accepted
- test (10.18.106.34)> Data connection SSL warning: SSL3 alert read: fatal: bad certificate
- test (10.18.106.34)> Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A
- test (10.18.106.34)> Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
- test (10.18.106.34)> Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
- test (10.18.106.34)> 426 Connection closed; transfer aborted.
- test (10.18.106.34)> QUIT
- test (10.18.106.34)> 221 Goodbye
- test (10.18.106.34)> SSL connection established
Please suggest your valuable inputs if we are missing out something. Any helpful inputs in this regard is highly appreciated.
Thanks and Best Regards
Prashant -
SSL connection, KeyManager and TrustManager
Hello everyone,
I am trying to establish an SSL connection to an OC4J Server. The server is correctly configured, as the communications using Internet Explorer go well.
I am using JDK 1.3.1_06 with JSSE 1.0.3 and OC4J 9.0.3.
But now I have a stand-alone java program that sends SOAP messages to the ssl port in the server using JAXM. When I send the message, I received the following exception:
javax.net.ssl.SSLException: untrusted server cert chain
The next thing I tried was to connect using a socket to test the handshaking. I received the same exception.
I am using a KeyStore dynamically generated with the PKCS12 certificate of the client that is requesting the service, and a TrustStore dynamically generated with the CA certificate for both the client and the server. I also tried to use the default cacerts file with this certificate imported in.
The KeyManager is initialized in this way:
----- KeyManager start -----
java.security.KeyStore ks = java.security.KeyStore.getInstance
("pkcs12", "SunJSSE");
ks.load(new FileInputStream(file),pass.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance ("SunX509", "SunJSSE");
kmf.init(ks, pass.toCharArray());
KeyManager[] km = (KeyManager[])kmf.getKeyManagers();
----- KeyManager end -----
The TrustManager is initialized in this way:
----- TrustManager start -----
FileInputStream fis = new FileInputStream(file);
java.io.DataInputStream dis = new java.io.DataInputStream(fis);
byte[] bytes = new byte[dis.available()];
dis.readFully(bytes);
java.io.ByteArrayInputStream bais =
new java.io.ByteArrayInputStream(bytes);
java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
java.security.cert.X509Certificate caCert =
(java.security.cert.X509Certificate)
cf.generateCertificate(bais);
java.security.KeyStore ksCA =
java.security.KeyStore.getInstance("pkcs12", "SunJSSE");
ksCA.load(null, null);
ksCA.setCertificateEntry("trustedCA", caCert);
TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509", "SunJSSE");
tmf.init(ksCA);
TrustManager[] tm = (TrustManager[])tmf.getTrustManagers();
----- TrustManager end -----
And finally, this is the way I create the ssl connection:
----- main start -----
// loads the jsse provider
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
java.security.Security.addProvider(
new com.sun.net.ssl.internal.ssl.Provider());
// keymanager
com.sun.net.ssl.KeyManager[] km = getKeyManager(args[0], args[1]);
// trustmanager
com.sun.net.ssl.TrustManager[] tm = getTrustManager(args[2]);
// ssl context configuration
com.sun.net.ssl.SSLContext ctx =
com.sun.net.ssl.SSLContext.getInstance("SSL");
ctx.init(km, tm, null);
com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
ctx.getSocketFactory());
// url
URL url = new URL(
    "https", my_ip,
    my_port, a_page,
    new com.sun.net.ssl.internal.www.protocol.https.Handler());
// connection
com.sun.net.ssl.HttpsURLConnection conn =
(com.sun.net.ssl.HttpsURLConnection)url.openConnection();
conn.connect();
----- main end -----
This is the full exception trace:
javax.net.ssl.SSLException: untrusted server cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:56)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(DashoA6275)
at pruebas.SSLClient.main(SSLClient.java)
Has anyone some idea of what is happening. Thanks in advance,
Jorge Hidalgo
hi
how your client i.e. standalone application (SOAP client) is getting the server certificates if client doesn't get the server certificate and vice versa then u will get this exception.
check on both side.
pras -
Dual Monitors functionality with SSL connections?
Hi, I'm configuring a new ASA5510 w/ SSL licensing and a coworker asked me some questions on functionality of remote access. I'm new to the ASA device and have never configured one before.
Both of these questions are assuming the user is at home and using their personal computer (not a laptop or work computer). If a user successfully creates a SSL connection, I understand it's basically like a remote desktop session to that particular user's desktop.
Q1: If the work computer is running dual LCD screens, are there any remote desktop options that will allow the home user to do the same or even to switch? Can those settings be saved as if it was a profile?
Q2: Same situation only the home user would like to print to his personal printer at home.
Thanks
Thanks for the responses Farrukh. I'm reading the config example now.
I'm trying to visualize the step by step process the end user would go through in order to remotely connect.
With my previous employer, I've used and I'm most familiar with using the ipsec VPN Client. Now, with my new employer I'm tasked with setting up a remote access solution using SSL.
The new company uses a Sonicwall solution that works like this:
1. https://vpngateway
2. user authentication with AD login
3. CompanyName Virtual Office
4. there is a pre-configured bookmark (remote access) for only that particular end user's desktop (forces static ip address)
5. WinXP login prompt
6. connection completed to end user's desktop with the normal group policies applied
I've never seen/used a remote access solution like this and was wondering if Cisco's clientless SSL works the same. -
Create outgoing SSL connections in WebLogic 4.5.1 using JSSE
Hi,
Does anyone know how to create outgoing SSL connections from a WLS 4.5.1 using
JSSE.
I've implemented an application using JSSE for POSTing data to an HTTPS server
that requires client authentication and it worked fine. But when used inside the
WebLogic server it doesn't work, because the WLS SSL classes are used instead
of the JSSE ones. It returns a "java.io.IOException: Alert: fatal handshake_failure".
If the ssl.enable property is set to false probably it will work, but I need it
set to true. Does anyone a way to solve this problem?
Thanks in advance.
Hi,
I also need to do the same in weblogic 5.1 (sp8). I know
it is not possible with JSSE, but how do I achieve with
weblogic implementation of Https? I am getting "Non
supported cipher requested" error. How do I remove this message. It will be
of great help if someone can list
down the configuration step in weblogic. I am trying
to find it in weblogic documentation but no success so far.
Thanks in advance for your help!
- Rishi
"Jerry" <[email protected]> wrote in message
news:[email protected]..
Hi Nuno,
I don't think that you can use JSSE to make outgoing SSL connections in WLS 4.5.1 because
of the many conflicts between JSSE and the WLS SSL classes
In versions of 5.1 (such as sp9 and up), and also 6.0 and 6.1, BEA got rid of these
conflicts to make the use of JSSE possible with WebLogic to do outgoing SSL.
In 4.5.1, I believe you are out of luck.
Joe Jerry
Nuno Carvalho wrote:
Hi,
Does anyone know how to create outgoing SSL connections from a WLS 4.5.1
using
JSSE.
I've implemented an application using JSSE for POSTing data to an HTTPS server
that requires client authentication and it worked fine. But when used inside the
WebLogic server it doesn't work, because the WLS SSL classes are used instead
of the JSSE ones. It returns a "java.io.IOException: Alert: fatal handshake_failure".
If the ssl.enable property is set to false probably it will work, but I need it
set to true. Does anyone a way to solve this problem?
Thanks in advance. -
Could not initiate SSL connection when DS is launched from Eclipse
Hello,
I am wondering whether anyone has faced this issue connecting to the BIP with https when Design Studio is launched from the Eclipse IDE.
The URL is something like : https://myservername.domain.net/dswsbobje/services/Session
We get the following error message when entering the URL : "Could not initiate SSL connection. Check the Web Service Url"
However, when Design Studio is launched directly, the same URL works fine and we can connect to the BIP normally.
I would imagine something is missing in the Eclipse configuration or there is an issue elsewhere. I did not find anything relevant in the SDK guide.
We checked the following SAP notes :
1807142 - How to enable HTTPS/SSL Designer against BIP
-> Web service configured properly, the URL works fine and it works when Design Studio is started without Eclipse
1975475 - Unable to select authentication method in BIP logon dialog of SAP Design Studio
Tried the solution : set to Direct. Tried to remove proxy entries in IE. No improvement. Also, I tried to set the connectivity to Direct in the Eclipse. But, no luck.
Software :
Design Studio 1.2 SP01 + SDK 1.2 SP01
BI 4.0 SP06
Java EE IDE (Kepler) Version: 2.0.1.20130919-0803
Java JRE 1.6.0.35. It's old, I know...
Thanks in advance.
Joel
Hi Joel,
any progress?
do you use a self signed certificate?
Kind regards
Frank -
How to connect Java Application to ORACLE8i over SSL connection
Hi,
I would like to know how to make an existent Java application connect to an ORACLE8i database over a secure SSL connection?
can I user ResultSets?
Could you please tell me what parameters to set on the database and, especially, what new code must be added for the Java Application so send data over an SSL connection.
Your advice/hints will be greatly appreciated.
Vani
Use usual Oracle encryption. SSL configuration is a nightmare.
import java.sql.*;
import java.util.Properties;

// Register the Oracle thin JDBC driver
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
Properties props = new Properties();
try {
    props.put("user", "scott");
    props.put("password","tiger");
    // Oracle native network encryption settings
    props.put("oracle.net.encryption_client", "REQUIRED");
    props.put("oracle.net.encryption_server", "REQUIRED");
    props.put("oracle.net.encryption_types_client", "( RC4_56 )");
    props.put("oracle.net.encryption_types_server", "( RC4_56 )");
    // Oracle native network integrity (checksum) settings
    props.put("oracle.net.crypto_checksum_client", "REQUIRED");
    props.put("oracle.net.crypto_checksum_server", "REQUIRED");
    props.put("oracle.net.crypto_checksum_types_client", "( MD5 )");
    props.put("oracle.net.crypto_checksum_types_server", "( MD5 )");
    props.put("sqlnet.crypto_seed", "769764576979045769576907");
} catch (Exception e) { e.printStackTrace(); }
// The connect descriptor must have balanced parentheses
Connection conn = DriverManager.getConnection("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=orcl)(PORT =1521)))(SDU=32767)(CONNECT_DATA=(SERVICE_NAME=orcl)(SID=orcl)))", props);
Statement stmt = conn.createStatement();
// ResultSets work as usual over the encrypted connection
ResultSet rset = stmt.executeQuery("select ENAME from EMP");
while (rset.next())
    System.out.println(rset.getString(1));
rset.close();
stmt.close();
conn.close();
-
SSL connectivity - Weblogic 8.1 and Apache web server 2.0
I'm using a Apache web server 2.0.64 as a front end web server for Weblogic server v8.1 sp6. I have managed setup the connection between both server and now i want to configure the SSL connection Apache web server. However i have face some problems with the SSL connection and i can't figure out the problems. I'm using the ssl.conf* to do the SSL connection. Here are the changes i did on my ssl.conf:
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#<IfDefine SSL>
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
<VirtualHost default:443>
DocumentRoot "C:/Program Files/Apache Group/apache2/htdocs"
ServerName 10.122.50.218:443
ServerAdmin [email protected]
ErrorLog logs/ssl_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
</VirtualHost>
#</IfDefine>
When i testing the application, it comes out :
NOT Found
The requested URL /secureWebAuth/ was not found on this server.
Apache/2.0.64 (Win32) mod_ssl/2.0.64 OpenSSL/0.9.8o Server at 10.122.50.218 Port 443
What should i do in order to solve this problem? Thanks for your help!!!
-
Exception -CSoapExceptionTransport while testing SM59 ADS SSL connection
Hi,
I have configured SSL to access ADS from ABAP environment.
I get the following exception when testing ADS SSL connection using report FP_PDF_TEST_00.
ERROR CODE : 100.101
ERROR MESSAGE : SOAP Runtime Exception: CSoapExceptionTransport : HTTP receive failed with exception communication_failure
SOAP Framework error: SOAP Runtime Exception: CSoapExceptionTransport : HTTP receive failed with exception communication_failure(100.101)
Any idea about the cause of this exception.
I have verified all the steps involved in configuring SSL but am not able to figure out what is missing.
Thanks,
Chitrali
Hi Amit,
Yes I have completed all the steps mentioned in the blog. I did not have the SAP cryptographic library on ABAP stack. Hence had to perform a few additional steps to install it and had to setup SSL Client PSE to create self signed SSL client certificate to be assigned to SM59 ADS destination. Still I get this error.
The problem is I cannot even test the SSL enabled ADS Java WS using WS navigator. It does not work.
It would be great if someone can provide me some direction for troubleshooting.
Thanks.
Chitrali -
FTPS/Implicit SSL connections filter
BorderManager 3.8 on NetWare 5.1 - I have plenty of successful
ftp-port-pasv-st exceptions that I use, but now I need one for an
FTPS/Implicit SSL connection, which *should* use port 990. But when I
define an exception (creating a new packet type, TCP, All source ports to
990, stateful) I'm able to connect, but I cannot browse folders or transfer
files. For grins I even tried making an exception for ALL TCP ports from my
FTP PC to their server - oddly, that wouldn't allow me to connect at ALL.
Drop filters, and I can get it to work just fine. I would do a TCPIP DEBUG =
0, but when I do that, BorderManager usually crashes now, and last time it
crashed, it would immediately abend on reboot, and it took me 4 hours to
crawl out of this hole.
I just recently got brave enough to make new filters again (it was making
them all disappear every time I made a change for the longest time).
Anyone have any experience with this form of FTP? I've done FTP of course,
SFTP, and other secure FTP transfers, but this is the first vendor who want
FTPS/Implicit SSL, which I understand is not nearly as prevalent as Explicit
SSL.
Thanks,
Bruce
On Feb 26, 3:19 pm, "Bruce Lautenschlager" <[email protected]>
wrote:
> Reference the crashes - NDS came up clean after a few passes - and I still
> had the issues.
>
> I ended up running TCPVIEW on the workstation running WS_FTP Pro, and could
> see that the little ******* was opening up various ports from 1700 up.
> Different with every file. That blows. SFTP works on the same ports every
> time - but apparently this wasn't. Whatever. Maybe someday we'll have a real secure standard. Right now I transfer about every way known to man,
> including PGP and VPN. (But WS_FTP can't script PGP, hence I do a lot of
> SFTP and now this FTPS).
>
> I ended up making two non stateful exceptions on all ports from my FTP PC to
> their FTP server. Not the best solution....but - here's why I just needed
> something to hold me over for a week or two -
>
> After many years of BorderManager (and NetWare servers in general), I'm
> finally getting to do what they hired me for some years back - migrating to
> complete AD environment, including dual ISA 2006 Enterprise servers to
> replace BorderManager. I already did the NWSAA to HIS conversions. ZFD is
> about to give way to Desktop Authority. By next year, only GroupWise will
> remain (and probably not on NetWare OS), and since I only provide the web
> portion of that, what happens to that is of little concern to me.
>
> I appreciate all the help you've doled out over the years - especially Craig
> (and the very helpful book I finally bought a couple of years ago). No
> Novell bashing here...just going in a different direction.
>
> Thanks for your help,
> Bruce
>
> "Craig Johnson" <[email protected]> wrote in message
>
> news:[email protected]...
>
> > In article <[email protected]>, Bruce
> > Lautenschlager wrote:
> >> I just recently got brave enough to make new filters again (it was making
> >> them all disappear every time I made a change for the longest time).
>
> > Sounds like you have some NDS issues there that should be looked at.
>
> >> Anyone have any experience with this form of FTP? I've done FTP of
> >> course,
> >> SFTP, and other secure FTP transfers, but this is the first vendor who
> >> want
> >> FTPS/Implicit SSL, which I understand is not nearly as prevalent as
> >> Explicit
> >> SSL.
>
> > It seems to me that there are two flavors of secure FTP. One uses SSH,
> > and
> > just tunnels FTP through an SSH connection. This is easy since you only
> > need
> > to allow port 22 through. The other seems to be like what you are seeing,
> > and
> > is using different ports than standard FTP, but still working like FTP in
> > terms
> > of using more than one port (for control versus data). This second type
> > can be
> > very hard to work with since there is no stateful FTP exception to work
> > with
> > it.
>
> > I would solve the TCP debug issue first, and just grab the filtered ports
> > and
> > add exceptions accordingly. If your exception of all TCP to the target
> >server
> > failed, it may be because you also need one for traffic FROM the target
> >server.
> > (And your interface selections may have been done incorrectly in the
> > exception
> > you tried).
>
> > Craig Johnson
> > Novell Support Connection SysOp
> > *** For a current patch list, tips, handy files and books on
> > BorderManager, go to http://www.craigjconsulting.com ***
The problem here is that each time you do a directory listing or try
to upload/download a file in FTP protocol you are using a passive
client connection. With each passive connection the server assigns a
port that the client should connect to for initiating the transfer.
Unless you specify a port range to use within the FTP server software,
this is generally a random open port on the server > 1024. Naturally,
this can make configuring your firewall a bit more difficult :( The
solution to this is to configure your server to use a fixed port range
for passive FTP connections e.g. 1200-1300. Then in your firewall you
can configure it to allow inbound connections on these ports. Most
servers support passive port range configuration. see your server
docs for details on how to do this. One such platform-independent
server that supports this is jscape secure ftp server ...
http://www.jscape.com/secureftpserver/
Hope this helps.
Rich -
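Added example, not part of the thread or of any poster's code: a small audit of passive-mode replies against the fixed range Rich suggests (1200-1300). It decodes the data port a server announces in a 227 reply, using the reply from the FileZilla session quoted earlier on this page, and goes one step further by also handling the 229 extended-passive reply; the function names and all other sample replies are constructed for illustration.

```python
import re

# 227 reply: (h1,h2,h3,h4,p1,p2); the data port is p1*256 + p2.
PASV_RE = re.compile(r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 reply: (<d><d><d>port<d>) where <d> is a single delimiter character.
EPSV_RE = re.compile(r"^229\b.*?\(([\x21-\x7e])\1\1(\d{1,5})\1\)")

# Constructed sample of control-channel replies. Only the first line is
# taken from this page; the rest are made up for the example.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (10,27,7,103,15,63)",
    "227 Entering Passive Mode (10,27,7,103,4,200)",
    "227 Entering Passive Mode (10,27,7,103,5,20)",
    "200 Type set to I",
    "227 Entering Passive Mode (10,27,7,300,4,200)",  # malformed octet
    "229 Entering Extended Passive Mode (|||1250|)",
]


def parse_passive_reply(reply):
    """Return (host, port) announced by a 227/229 reply, or None.

    For 229 the host is None: the client reuses the control-connection host.
    """
    line = reply.strip()
    m = PASV_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        return (None, port) if 1 <= port <= 65535 else None
    return None


def audit_passive_ports(replies, allowed_range):
    """List (port, inside_range) for every valid passive reply."""
    low, high = allowed_range
    results = []
    for reply in replies:
        parsed = parse_passive_reply(reply)
        if parsed is not None:
            port = parsed[1]
            results.append((port, low <= port <= high))
    return results


def ports_outside_range(replies, allowed_range):
    """Ports a filter limited to allowed_range would drop."""
    return [p for p, ok in audit_passive_ports(replies, allowed_range) if not ok]


if __name__ == "__main__":
    for port, ok in audit_passive_ports(SAMPLE_REPLIES, (1200, 1300)):
        print(port, "allowed" if ok else "would be filtered")
```

With FTPS the control channel is encrypted, so a filter in the path cannot read these replies itself; the audit has to run on server or client logs, and the fixed range has to be set on the server.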
I'm trying to setup a ssl connection between a client and an Oracle 9i database.
Is a wallet mandatory to set up an SSL connection? Or is configuring the listener/sqlnet/tnsnames via Net Manager and Net Configuration Assistant enough?
Thanks a lot
Paolo
SSL connections basically do two things: 1) encrypt the information being passed between your browser and the server, and 2) confirm that the remote server really is the remote server you think it is. So for instance when I make an online purchase, I want to know that no one can read my credit card information while it's in transit, and also that I really am logged into the shopping site I think I'm on, and not some hacker's copy trying to steal my information.
The first part of that is provided at all times, so yes, if you've created a self signed certificate (or used your own CA) then even if the browser displays warnings about name mismatches the connection itself is still secured, it simply can't validate the certificate to confirm you're connecting to the server you think it is. Obviously if this is for a local setup that's probably not a major issue, it's only really a big problem where something is accessed publicly, since you can't go telling customers "don't worry, just click to carry on anyway and ignore the warning"!
-
I'm setting up Filr 1.0.1 and using external MySQL server instead of the MySQL Appliance. I have set up the MySQL server to allow SSL connections as described in http://dev.mysql.com/doc/refman/5.5/...nnections.html.
Can Filr be configured to use SSL connection for MySQL?
Joseph Marton wrote:
> This has not been tested and isn't supported, though that's not to say
> you might not be able to get it to work. If the Filr, MySQL, and
> Search appliances are all on the internal network another way to
> secure the connections would be to put the appliances into their own
> VLAN. This would keep the traffic separated from all other network
> traffic and help secure it.
A followup to this... another option is to add a second NIC to the Filr
appliance. This way you could have one NIC connected to your internal
or DMZ network, and the other could be connected to an isolated VLAN
which only has the MySQL & Search appliances connected. Today we don't
support multiple NICs in the Filr appliance, but that's coming in Filr
1.1.
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/
-
Wls6 outgoing ssl connections...
We're trying to setup an outgoing ssl connection essentially from a servlet
(jsp).
We've developed the "client" code using jsse and
it works fine in standalone mode. When we call
it from within a weblogic servlet (actually a jsp), the
SSL handshake takes place, but we get a certificate
not valid exception. It appears to be saying that the CA cert
for the server we are trying to connect to is expired.
The connection is like this...
WLS6, a jsp --> ssl ---> netscape web server.
The netscape web server has a valid unexpired
verisign cert. The CA for that cert is valid till 2010.
This is all verified by using IE to connect to the
netscape server.
It appears that WLS6 is keeping a store of CA certs
somewhere. We've checked the certs in
java_home/jre/lib/security/cacerts and there is a
valid ca cert for the netscape cert. Anyone have
any idea where WLS6 keeps its CA certs for outgoing
connections?
Here is the stack trace...
(thanks)
java.io.IOException: Certificate not valid: fingerprint = 115632b0c42739458d5cf441895f1c72, not before = Wed Nov 09 15:54:17 PST 1994, not after = Fri Dec 31 15:54:17 PST 1999, holder = C=US O=RSA Data Security, Inc. OU=Secure Server Certification Authority , issuer = C=US O=RSA Data Security, Inc. OU=Secure Server Certification Authority , key = modulus length=126 exponent length=3
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:143)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:117)
at weblogic.security.SSL.Handshake.input(Handshake.java:114)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1019)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:383)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:245)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:194)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:45)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:156)
at weblogic.net.http.HttpClient.<init>(HttpClient.java:85)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:34)
at weblogic.net.http.HttpClient.New(HttpClient.java:119)
at weblogic.net.http.HttpURLConnection.connect(HttpURLConnection.java:99)
at test.httptools.MiniHttpClient.setupConnection(MiniHttpClient.java:281)
at test.httptools.MiniHttpClient.openURL(MiniHttpClient.java:294)
at com.bridgespan.dhs.DhsStatus.post(DhsStatus.java:203)
at com.bridgespan.dhs.DhsStatus.updateLoanStatus(DhsStatus.java:151)
at jsp_servlet._dhsstatus._jspService(_dhsstatus.java:91)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:213)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1265)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1631)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
Hi,
I also need to do the same in weblogic 5.1 (sp8). I know
it is not possible with JSSE, but how do I achieve with
weblogic implementation of Https? I am getting "Non
supported cipher requested" error. How do I remove this message. It will be
of great help if someone can list
down the configuration step in weblogic. I am trying
to find it in weblogic documentation but no success so far.
Thanks in advance for your help!
- Rishi
"Jerry" <[email protected]> wrote in message
news:[email protected]..
Hi Nuno,
I don't think that you can use JSSE to make outgoing SSL connections in WLS 4.5.1 because
of the many conflicts between JSSE and the WLS SSL classes.
In versions of 5.1 (such as sp9 and up), and also 6.0 and 6.1, BEA got rid of these
conflicts to make the use of JSSE possible with WebLogic to do outgoing SSL.
In 4.5.1, I believe you are out of luck.
Joe Jerry
Nuno Carvalho wrote:
Hi,
Does anyone know how to create outgoing SSL connections from a WLS 4.5.1 using JSSE.
I've implemented an application using JSSE for POSTing data to an HTTPS server
that requires client authentication and it worked fine. But when used inside the
WebLogic server it doesn't work, because the WLS SSL classes are used instead
of the JSSE ones. It returns a "java.io.IOException: Alert: fatal handshake_failure".
If the ssl.enable property is set to false probably it will work, but I need it
set to true. Does anyone know a way to solve this problem?
Thanks in advance.
-
Cannot establish SSL connection after fresh install
Hello,
I performed a fresh install a couple of days ago. Everything is fine, no hardware errors, pacman and curl work like a charm, HTTP servers respond as they should, but SSL servers do not respond the right way.
I tried with elinks, chromium and firefox and they get stuck on SSL negotiations for very long times.
Installed the whole thing again. Same issue.
Just tested with:
openssl s_client -connect facebook.com:443
openssl s_client -connect google.com:443
Seems to work fine, I can GET with no problems.
Also tested with:
wget --debug -O - https://facebook.com
It gets stuck to "Initializing SSL handshake" and after a couple of minutes the connection is closed with error message "Unable to establish SSL connection."
The system date/time are correct, the system is up to date, used the latest install image available at http://archlinux.org, installed following the install guide from the wiki.
All tests performed as root.
Last edited by icecoder (2013-05-30 10:07:14)
WonderWoofy wrote:Initscripts maybe... ethernet... since I am not familiar with either of your systems, I cannot answer this.
As I understand, the latest arch uses systemd by default, so there's no need installing initscripts and in https://wiki.archlinux.org/index.php/In … e_internet nothing said I have to configure network as I'm using DHCP.
Last edited by tenzan (2012-10-22 00:02:42)