SSL... on or off?

Should SSL be on or off? DO I change PORT numbers if it's on or off?
Does SSL on really do any good or enough good??? I hear it makes things slower.

that's the issue -- mail won't go out on one account address - our HOA had us by an umbiklical cord for 15 years than dumped us to fend for ourselves --- hubby uses outlook mail on an XP (while I use ALL apple stuff and do have SSL checked ) new server people in Califronia say keep SSL off - this on or off has been a bone of contention for about the past 10 years - locals said on HOA waivered back and forth. Does it really make anything more secure?

Similar Messages

What is the AT&T smtp server for? The SSL is set to "off"

I was looking around at my Mail settings on my iPhone and noticed there's an AT&T smtp server window. You access it my Settings/Mail Contacts Cal/one of your email accounts/SMTP server/. At the top is the smtp server for your email address which is on, and below are smtp server panes for your other email accounts which are set to off. But one of those smtp server panes is for the AT&T smtp. For what function is it used for? It's vreyed out but SSL set to OFF for the AT&T smtp and the Yahoo smtp, but all the other smtp's are set to ON for SSL.
Isn't it better for the Secure Sockets Layer (SSL) to be on? Why is Yahoo's and AT&T's set to OFF. I can't find where to access a non-greyed out AT&T's smtp window pane.

Allan Sampson wrote:
when sending/receiving via AT&T's cellular network, all data is encrypted over the network, which is a GSM standard.
Note that in the USA a weaker version of the GSM encryption is used than in Europe.
http://www.gsm-security.net/faq/gsm-encryption-algorithm-a5-cipher.shtml
Also, the GSM encryption has been broken a long time ago, but someone whould have to sit between the phone and the basestation to capture and decode the traffic (or they must have access to the network operator's, so called, Legal Intercept interface).
http://www.gsm-security.net/faq/gsm-a5-broken-security.shtml
And, AFAIK, the GSM encryption is only in use on the wireless connection between the device and the basestation it is connected to (not on the operator's backbone network, and not when the traffic exits the operator's network and goes to the Internet outside, which it must, in order to get to SMTP servers not in the operator's machine rooms).
And a last point: Even if you use SSL/TLS between the client and the SMTP server, it is not necessarily used from the SMTP server to the receiving email server (which might mean that the message travels through tens of systems unencrypted until it reaches its destination).

Plain nodemanager throws BEA-090476 Invalid/unknown SSL header -

I have a default installation of weblogic. I do not want to use SSL for communication to nodemanager. I turned the ssl listen port off on the managed server, and then i set SecureListener to false in my nodemanager.properties.
Here is my nodemanager.properties:
#Tue Feb 12 09:34:54 EST 2008
DomainsFile=/root/bea/wlserver_10.0/common/nodemanager/nodemanager.domains
LogLimit=0
PropertiesVersion=10.0.0.0
javaHome=/root/bea/jrockit90_150_06
AuthenticationEnabled=true
NodeManagerHome=/root/bea/wlserver_10.0/common/nodemanager
JavaHome=/root/bea/jrockit90_150_06/jre
LogLevel=INFO
DomainsFileEnabled=true
StartScriptName=startWebLogic.sh
ListenAddress=127.0.0.1
NativeVersionEnabled=true
ListenPort=5556
LogToStderr=true
SecureListener=true
LogCount=1
StopScriptEnabled=false
QuitEnabled=false
LogAppend=true
StateCheckInterval=500
CrashRecoveryEnabled=false
StartScriptEnabled=false
LogFile=/root/bea/wlserver_10.0/common/nodemanager/nodemanager.log
LogFormatter=weblogic.nodemanager.server.LogFormatter
ListenBacklog=50
Here is the startup output from nodemanager:
<Feb 12, 2008 10:17:39 AM> <INFO> <dizzyworld> <States = {dizzy3=RUNNING, AdminServer=UNKNOWN, dizzy1=UNKNOWN, dizzy2=RUNNING, domain_bak=UNKNOWN}>
<Feb 12, 2008 10:17:42 AM EST> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer localhost.localdomain - 127.0.0.1 during SSL handshake.>
Here is the error message that is logged when I issue a start command to the managed server from the admin console:
<Feb 12, 2008 10:17:42 AM> <Warning> <Uncaught exception in server handler: javax.net.ssl.SSLHandshakeException: [Security:090476]Invalid/unknown SSL header was received from peer localhost.localdomain - 127.0.0.1 during SSL handshake.>
javax.net.ssl.SSLHandshakeException: [Security:090476]Invalid/unknown SSL header was received from peer localhost.localdomain - 127.0.0.1 during SSL handshake.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Lcom.certicom.tls.interfaceimpl.AlertEvent;)V(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Lcom.certicom.tls.record.alert.Alert;)Lcom.certicom.tls.interfaceimpl.AlertEvent;(Unknown Source)
at com.certicom.tls.record.ReadHandler.fireAlert(Lcom.certicom.tls.record.alert.Alert;)V(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(III)Lcom.certicom.tls.interfaceimpl.ProtocolVersion;(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion()V(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete()V(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake()V(Unknown Source)
at com.certicom.tls.record.ReadHandler.read([BII)I(Unknown Source)
 at com.certicom.io.InputSSLIOStreamWrapper.read([BII)I(Unknown Source)
 at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
 at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
 at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
 at java.io.InputStreamReader.read(InputStreamReader.java:167)
 at java.io.BufferedReader.fill(BufferedReader.java:136)
 at java.io.BufferedReader.readLine(BufferedReader.java:299)
 at java.io.BufferedReader.readLine(BufferedReader.java:362)
 at weblogic.nodemanager.server.Handler.run(Handler.java:66)
 at java.lang.Thread.run()V(Unknown Source)

Hi,
I am also facing the same kind of problem...can anyone assist me?
 
I am facing a problem while configuring the SSL set up for weblogic cluster. (1 Admin server & 2 Managed servers)
 
 
I configured the Keystore & SSL information for all 3 servers in cluster. I also disabled their Listen Ports (http) and enabled SSL Listen Ports (https).
 
 
When I restarted all 3 servers and see the console on admin server (console-->domain-->Servers), I get state="UNKNOWN" for both managed servers. For admin server its "RUNNING".
 
 
Also I get following log entries in Admin server log.
 
<Feb 10, 2006 4:07:32 PM EST> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer >Managed_1_name.domain.com - Managed_1 IP during SSL handshake.>
 
<Feb 10, 2006 4:08:28 PM EST> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer >Managed_2_name.domain.com - Managed_2 IP during SSL handshake.>
 
 
In Managed_1 log :
 
<Feb 10, 2006 4:20:31 PM EST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol T3 was received from peer >Managed_1_name.domain.com - Managed_1 IP instead of an SSL handshake.>
 
 
In Managed_2 log :
 
<Feb 10, 2006 4:24:05 PM EST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol T3 was received from peer >Managed_2_name.domain.com - Managed_2 IP instead of an SSL handshake.>
 
 
Can anyone please help me here and direct me to resolve this problem? What could be the problem area? Do I need to set up anything else?
 
 
Thanks in advance.

Running iphone exchange without SSL cert.

I have multiple exchange servers (for different companies)
for which I am trying to setup users Iphones,
the only one I have gotten to work is the company that has a
purchased certificate, one of the companies that has a self signed cert
seemed to accept it but never downloads the folders or mail, later
it starts requesting the user name and password which it does not accept.
I have other exchange servers that do have OWA enabled and working but do
not have a cert. I have tried SSL on and off with these, no diffrence.
what am I missing can iphone exchange work at all WITHOUT a cert?
sorry for the long post,
I've been working on this for almost 5 hrs now...:-(
thanks,
Jonathan

You probably CAN do this, but the question is WHY?
It might seem like a pain to obtain and install and configure the certificate, but if users besides the iPhone folks access OWA, then web browsers will probably throw up a lot of errors and warnings that are irritating to users and look unprofessional. If you are consulting or managing the servers for these companies I suggest explaining that in today's insecure environment, encrypted, authenticated email access is the only way to do this--and that getting the certificate is necessary. Godaddy.com probably sells them for around 30$/year for 3 years or so?
To your specific problem, can users access OWA on the server from their browser, but not the phone? There a a lot of problems that could happen--the company firewall may not be forwarding the traffic correctly or allowing http to the server, Exchange may not have non-ssl traffic allowed to the mobile website, etc.

When I try to set up my Optimum account email I get a message saying Cannot Connect Using SSL.

When I try to set up my Optimum email account I get an error message saying Cannot Connect Using SSL.

What mail provider is it?
Have you Googled for: setup XXX email on iPhone
where xxx is the provider
You can try going to Mail>the accounts>Advanced and turn Use SSL on or off, the opposite of what it is now.

SSL + Wallet Manager

Hi All,
I am trying to configure SSL on my application.I am using OHS11g. I got the certificate from CA. I downloaded the rootCA , primary and secondary Intermediate certificates. I have imported the rootCA first. When i try to import Primary CA then i am getting an error like *"Trusted Certificate Installation Failed" possible errors: Some trusted Certificates could not be installed and Trusted certificate is already present in the wallet* . Then i try to import the user certificate then its giving the error like "user *certificate import has failed because the ca certificate does not exist"*. I tried some combination like removed rootCA and imported PrimaryCA. Then also i am getting the same error.
Please let me know a solution for this.
Thanks,
Manikandan

Different animal, I have notes : (Older, but I think OK)
Oracle 10G SSL Configuration
There are three major steps needed to configure SSL in OracleAS 10g:
I. Create an Oracle Wallet which contains an SSL Certificate.
II. Configure httpd.conf directives to enable SSL with OHS.
III. Configure the opmn.xml to enable Oracle Application Server 10G to allow SSL with OHS.
STEP I: Configuring Oracle Wallet Manager (OWM)
=========================================================================
1. Start Oracle Wallet Manager from the OracleAS 10g $ORACLE_HOME.
Note: If you wish to use AutoLogin features you must start OWM as
the user owning the httpd parent process.
To start Oracle Wallet Manager:
On Windows: select Start -> Programs -> OracleAS 10g - ORACLE_HOME -> Integrated Management Tools -> Wallet Manager
On UNIX: enter "owm" at the command line.
2. Create an Oracle Wallet which contains a SSL Certificate:
- Select Wallet -> New
- Enter a password for the wallet (e.g Welcome1)
- Create a Certificate Request.
- Enter the details for the request. For example:
Common Name: <host.domain>
Organizational Unit: Support
Organization: Oracle
Location: Reading
State: Berkshire
Country: United Kingdom
Key Size: 1024bits
* Common Name has to match the host.domain that the webserver is known as. This is the ServerName parameter in the httpd.conf file and the host.domain that users will access from the browser URL.
- Click OK.
- Click 'Certificate:[Requested]' and select from the Menu 'Operations' and 'Export Certificate Request'
- Save to a file (e.g server.csr)
- Select Wallet -> Save
- Save to a directory e.g /tmp/wallet/
- Open the file in a text editor and copy the contents of the certificate signing request.
An example is shown below:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBtzCCASACAQAwdzELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCWJlcmtzaGlyZTEQMA4GA1UEBxMHcmVhZGluZzEPMA0GA1UEChQGb3JhY2xlMRAwDgYDVQQLFAdzdXBwb3J0MR8wHQYDVQQDFBZ1a2RoMTkzNC51ay5vcmFjbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYkFMb9x4ehsG3yQ2ub319GxPW+/TC3NSIYRLzEa49EziqBUr08R3Ssn9+6nolVjj1eb3rzwCfjiOSzsp1lSa/B9Vo63pwP6xLbCgF8J86YfcZvavgLzY0Yc1fPfRxpZkb/jjt+F1zkaI6Lilm5YU3bRNYMb36TAWxUYL1m6wZOwIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEACKXTmPHaSe3Lx3onnKJk/qI8SzpKyQC/B29vJGg1+7Lb7gl052Y9WKxbKHzOQOYr8yYxMXNBCUwW6kBAFoxTWSpIxIQOpJXcsu1RlHKaLfAnw053LiwpRB6do7MBrVgMRiv3AyTkJkgRzSxABWAgNpBPbhH+L6PZj5tSjOPErKA=
-----END NEW CERTIFICATE REQUEST-----
3. Request a Certificate from a Certificate Authority.
For the purposes of this note it is assumed you have OracleAS 10g Oracle Certificate Authority configured within your organization.(NB: If you want to use another CA then follow the next section then proceed on to Step II in this document.)
=======================================================================
Request a Certificate from a Certificate Authority:
- Load a web browser and go a Certificate Authority website of your choice.
The examples below are from www.thawte.com:
- Click on 'request your free trial'.
- Fill in the necessary name and address details etc. and 'Submit'.
- Paste in the certificate request into the box under the 'Certificate Signing Request' Section.
- Select "Test X509v3 SSL Cert" and hit "Generate Test Certificate"
- Once submitted the Trial Certificate will appear on screen similar to below:
-----BEGIN CERTIFICATE-----
MIICnDCCAgWgAwIBAgIDD9m+MA0GCSqGSIb3DQEBBAUAMIGHMQswCQYDVQQGEwJaQTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEChMUVGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRFU1QgVEVTVCBURVNUMRwwGgYDVQQDExNUaGF3dGUgVGVzdCBDQSBSb290MB4XDTAxMTAyNDE0MDIxOVoXDTAxMTExNDE0MDIxOVowdzELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCUJlcmtzaGlyZTEQMA4GA1UEBxMHUmVhZGluZzEPMA0GA1UEChQGT3JhY2xlMRAwDgYDVQQLFAdTdXBwb3J0MR8wHQYDVQQDFBZ1a3AxNTkxOC51ay5vcmFjbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiQbg8KHjQ8hazvFe+OFhQa6ka+i5oShUty1MhlH+//xXP+j82h4VlyPG6IGKeQdXLhnKXgLuxTZ8/VDtLZyucmpIB95o2A3Betjp7UdImC572rKrQTA+1mCt/KLWcNE+fQuCmhloaERh3jsWTng0TKsDpJeAJdW2F4tCy/E/EMwIDAQABoyUwIzATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBACffzyC3qvAlvNWc6mBPMjFu6XWUGZBuNawFCz8qGw5/ce3rWFNI4zOjc1OncoJg7FjDJgAWqiJFHgdV4gwQm/8lTJX6wD1FhMtrJDXf29ei1DAe8kBOBWiFMio8Qjp24TdxoI6/53/32ydl91CPtTKAix3SaC2bBS5lG73AbKRr
-----END CERTIFICATE-----
- Copy the certificate to a file called server.crt
- Get the Trusted CA Root certificate by accessing:
https://www.thawte.com/roots/index.html
- Copy the certificate that appears on the screen to a file called servertest.crt
- Ftp or move the files to a directory on your server
- In Wallet Manager select Operations -> Import User Certificate.
- It will then ask you if you want to Paste the certificate or load from a file. Choose 'Select a file that contains a certificate'.
- Select the file server.crt and hit OK.
- At this point, the Wallet Manager may complain that the Trusted CA Root Certificate does not exist in the wallet. It will ask if you want to import it now. Select Yes. See Below
- Select 'Select a file that contains a certificate' and select the servertest.crt file.
- If this completes successfully you should see Certificate:[Ready] and the Thawte Test CA Root will appear in the list of trusted certificates.
- If you desire Oracle HTTP Server to AutoLogin to the Wallet, then select AutoLogin. (Wallet Manager must have been started as the owner of the httpd parent process for this to work).
- From the menu, File -> Save
Save the Wallet in a directory where the 9iAS user has permission to access
* If you generated your test certificate via www.verisign.com there is an additional step required if OWM is not accepting the Trusted CA Root Certificate. The step is as follows:
In OWM, at the point of message "User certificate import has failed because the CA certificate does not exist". You are expected to import the CA certificate. For Verisign, that would be the 'Test CA Root' for the Trial version. Verisign's email has instructions on how to download the Test CA Root. One problem with the Test CA Root is that it is saved as DER encoding, but OWM expects BASE64 encoding.
Please do following, using Internet Explorer 5.X as example.
1. Following Verisign instructions and install Test CA Root certification into IE.
2. Export 'Test CA Root' from IE in BASE64 format Tools -> Internet Options -> Contents -> Certificates -> Trusted Root Certificate Authorities
Select CA issued by Versign with following Description in 'Issued to' column
"For Versign authorized testing only ....."
Export -> Next -> select Base-64 encoded X.509(.cer)
The file saved must me accessible to OWM
3. When prompted to load 'CA certificate ', provide the Base64 encoded file. Then, continue where you left off when OWM did not accept your Trusted CA Root Certificate.
Access the URL from which the OCA install resides (e.g.https://host.domain:4400/oca/user)
- Note, the first time you access this site from a browser, the browser will inform you that the certificate is not trusted. Depending on your environment the following is required:
On Windows using IE (tested with 5.5), accept the certificate for the session and then once the OCA page has been loaded, select 'click here to import the certificate authority certificate into your browser'. This will prompt you to download and install a file called certImport.cer. Double click on this file and then select “Install Certificate” to launch the Certificate Import Wizard.
From there, follow the wizard to successfully import the certificate into the browser. The certificate can then be managed by going to Tools -> Internet Options -> Content -> Certificates.
On Unix using Mozilla (tested with 1.0.1), select the option to Remember this certificate permanently and once the OCA page has been loaded, select 'click here to import the certificate authority certificate into your browser'. A dialog box will then prompt to trust host? for the following purposes:
- Trust this CA to identify web sites.
- Trust this CA to identify email users.
- Trust this CA to identify software developers.
Once one or more of these options are selected, the certificate has been imported and can be found under:
Edit -> Preferences -> Privacy and Security -> Certificates -> Manage Certificates -> Authorities -> Certificate Name is Oracle Corporation.
On Unix or Windows, using Netscape (tested with 6.0), a dialog box will prompt you with the following options:
- Accept this certificate permanently.
- Accept this certificate temporarily for this session.
- Do not accept this certificate and do not connect to this web site.
As long as the third option is not selected the prompt will be eliminated. Once the OCA page has been loaded the option to select 'click here to import the certificate authority certificate into your browser' will bring up a pop-up prompting you to trust name? for the following purposes:
- Trust this CA to identify web sites.
- Trust this CA to identify email users.
- Trust this CA to identify software developers.
Once one or more of these options are selected, the certificate has been imported and can be found under:
Edit -> Preferences -> Privacy and Security -> Certificates -> Manage Certificates? -> Authorities.
- In the URL https://host.domain:4400/oca/user, click on the Server/SubCA Certificates
- Click 'Request a Certificate'
- Paste in the certificate request and fill in the form details. For example,
PKCS#10 Request:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBtzCCASACAQAwdzELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCUJlcmtzaGlyZTEQMA4GA1UEBxMHUmVhZGluZzERMA8GA1UEChQIY29tcGFueTExDjAMBgNVBAsUBWRlcHQxMR8wHQYDVQQDFBZ1a3AxNTg0OS51ay5vcmFjbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBU47J7Ob5N7lBTcztAzkJQ9jx8atJayrTVjVh3io6a0NIS98ADdc3+/ECKL4i8SfDnnSQKFw/tKv3snF0H86JFphoRoExrOA2ZdJPEunzH4u2nkRadZGGtZqzG1L+1jIYLJ669zh0k7XJQJgG8oQyBGDaCtbRQSniHZMEWXDbBQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEADfwkv3WUngj5cCnxOHNQ3A3q7bWWZWrz0pHt+QHXFDEwrRsz7qUQY/JijIWfS67ekh71R/6eDysCRZGP+/dXOcxTZM/x4VS2INeY+scGWiXvaU8NLC2YxPYYNl38Wl19MIIW8VF0PaZRBtL4Ntgadc54Qei2EXUJJXmkgHi1PBE=
-----END NEW CERTIFICATE REQUEST-----
Name: Fred Bloggs
Email: [email protected]
Certificate Usage: SSL/Encryption
Validity Period: 1 year
- Hit the 'Submit' button
- A page will appear similar to the following:
Information
Your certificate request is accepted. Administrator will contact you for certificate issuance. Your request ID is "4". Please use this request ID for future reference.
4. If you are not the Certificate Authority, then wait until the CA has contacted you to say the certificate is ready and then proceed on to step (5).
If you are the Oracle Certificate Administrator then perform the following:
- Access the OCA Administration page from which the OCA install resides (e.g. https://host.domain:4400/oca/admin)
- Click on the 'Certificate Management' tab
- Here you will see the Certificate Requests awaiting action.
- Select the radio button for "Request ID" 4. Select 'View Details'
- This will bring up a page similar to the following:
Certificate Request Information
Status : PENDING
Certificate Type : server
Certificate Usage : SSL, Encryption
Serial Number : 4
Subject DN : CN=midtier.uk.oracle.com,OU=dept1,O=company1,L=Reading,ST=Berkshire,C=GB
Request Date : Tue Sep 16 14:17:15 BST 2003
Algorithm : RSA
Exponent : 65537
Subject(Requestor) CN=midtier.uk.oracle.com,OU=dept1,O=company1,L=Reading,ST=Berkshire,C=GB
Validity Period: 365 days
- Select 'Approve'
- You will get a page similar to the following:
Certificate Request is approved. The serial number of the issued certificate is "5". Requestor Name: Fred Bloggs Requestor Email: [email protected]
5. Once the certificate has been approved, access the following URL:
https://host.domain:4400/oca/user
- Click on the 'Server/Sub CA Certificate' tab
- Select "Search" -> "Certificate Request" -> "ID/Serial No."
- Enter number 4 in the box, where 4 is the request ID number as per step 4)and select 'Go'
- A page shoud be displayed similar to the following:
Request ID 4
User DN CN=midtier.uk.oracle.com,OU=dept1,O=company1,L=Reading,ST=Berkshire,C=GB
Request Type server
Request Date 16 September 2003
Status Certified
Serial Number 5
As the status is certified we know the certificate has been issued and we can download it. Click on the Serial Number (e.g 5) and this will display a page with the base 64 certificate:
BASE64-Encoded Certificate.
-----BEGIN CERTIFICATE-----
MIIDqjCCApKgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJHQjEPMA0GA1UEChQGT3JhY2xlMRAwDgYDVQQLEwdTdXBwb3J0MRgwFgYDVQQDFA9SdXNzIFN1cHBvcnQgQ0EwHhcNMDMwOTE2MTMyNjMxWhcNMDQwOTE1MTMyNjMxWjB3MQswCQYDVQQGEwJHQjESMBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdSZWFkaW5nMREwDwYDVQQKFAhjb21wYW55MTEOMAwGA1UECxMFZGVwdDExHzAdBgNVBAMUFnVrcDE1ODQ5LnVrLm9yYWNsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFTjsns5vk3uUFNzO0DOQlD2PHxq0lrKtNWNWHeKjprQ0hL3wAN1zf78QIoviLxJ8OedJAoXD+0q/eycXQfzokWmGhGgTGs4DZl0k8S6fMfi7aeRFp1kYa1mrMbUv7WMhgsnrr3OHSTtclAmAbyhDIEYNoK1tFBKeIdkwRZcNsFAgMBAAGjgfEwge4wDAYDVR0PBAUDAwfoADCB3QYDVR0fBIHVMIHSMIHPoIHMoIHJhoHGbGRhcDovL3VrcDE1ODQ5LnVrLm9yYWNsZS5jb20vMzg5L2NuPW9jYTEsY249Q1JMVmFsaWRhdGlvbixjbj1WYWxpZGF0aW9uLGNuPVBLSSxjbj1Qcm9kdWN0cyxjbj1PcmFjbGVDb250ZXh0P2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/b25lP29yY2xQS0lJc3N1ZXJETj1DTj1SdXNzIFN1cHBvcnQgQ0EsT1U9U3VwcG9ydCxPPU9yYWNsZSxDPUdCMA0GCSqGSIb3DQEBBAUAA4IBAQAmZ6k2J9S3WJ08jHKx4o3zKp+3YMYoAkeiIGK5JerIWpc2n7knPW6zkuGTQaO7t0E2Uj8LKNny 62ZSZtqw6s0Myb0beYDwHpmUxp4AypL/LVPhz4KZt8eOa0lkDQJUJzvCbxvauQRzIgsBKsm3WP1tdDuogNY1loRzhI24MlIN8+7z5ZU1FrEGiANMMgZNbvTTs7Jny3K7IuJTKNhxK2is6uV1hoaAENdQaFdfpRMbHmgOVJcrocRIPzzod5MJlTUNQjPqyLuiQMndrnLPd+tn1VCoJwzNW54nAWBNFrVZJB3DdcA1GXYMqpe8UdwaaCn5AvMV6YJnE3swOEvgRypU
-----END CERTIFICATE-----
- Click on 'Download Certificate' and save to a file (e.g server.crt)
- Select the 'Home' tab and then select 'click here to download the Certificate Authority certificate to your file system' and save to a file (e.g rootca.crt).
This is the rootCA that has to be loaded in the wallet.
6. Load the root CA and server certificate into the wallet.
In Wallet Manager select Operations -> Import Trusted Certificate.
- It will then ask you if you want to Paste the certificate or load from a file. Choose 'Select a file that contains a certificate'.
- Select the file server.crt and select OK.
- At this point, the Wallet Manager may complain that the Trusted CA Root Certificate does not exist in the wallet. It will ask if you want to import it now. Select Yes.
- Locate 'Select a file that contains a certificate' and select the rootca.crt file.
- If this completes successfully you should see Certificate:[Ready] and the Oracle Certificate Authority Root certificate will appear in the list of trusted certificates.
- If you desire Oracle HTTP Server to AutoLogin to the Wallet, then select AutoLogin. (Oracle Wallet Manager must have been started as the owner of the httpd parent process in order for this to work).
- From the menu, select File -> Save. Save the Wallet in a directory.
Note : After Certificate has been signed :
Import rootca.crt as trusted CERT.
Import server.crt as user CERT.
STEP II: Configuring Oracle HTTP Server (OHS)
=========================================================================
Starting in Oracle Application Server 10G, all SSL related directives are stored in $ORACLE_HOME/Apache/Apache/conf/ssl.conf.
1. Please review the default directives in the ssl.conf file that relate to SSL by opening the file in a text editor and search on "SSL". If you have not already done so, please make a back up of this file. Do NOT hand edit this file without reading the precautions in the 10G Documentation. You should use the Enterprise Manager (EM) Application Server Control to modify this file:
Farm > Application Server: sid.host.domain > HTTP Server > Administration Tab> Advanced Server Properties > Edit ssl.conf.
2. For SSL to work, the SSL 'listen' port must match the "VirtualHost _default_" directive within the file. All other SSL parameters are set to the default, and you can modify at a later time, depending on your needs.
## SSL Support
Listen 4446
#4446 is the SSL port number.
## Further down in file:
<VirtualHost default:4446>
For the purposes of a basic SSL configuration, you should only need to change the following directives:
SSLWallet
SSLWalletPassword
3. Change the SSLWallet directive to the path where you saved your wallet, i.e: SSLWallet file:/tmp/wallet
- If you did not select AutoLogin, then you need to change the SSLWalletPassword to your clear text Wallet password by adding the following into your ssl.conf
SSLWalletPassword <yourPassword>
- If you wish to encrypt the SSLWalletPassword refer to the following:
[NOTE:184677.1] - How to Use IASOBF to Encrpyt a Wallet Password Within 9iAS Release 2.
- Save the configuration
- Run dcmctl updateconfig -ct ohs if you did not use EM Application Server Control and used a text editor to update the file.
STEP III: Modifying opmn.xml to allow OHS with SSL
=========================================================================
By default, SSL is turned off in HTTP Server for Oracle Application Server 10G.In order for SSL to work you must update the opmn.xml file to re-enable SSL.
1. Do NOT hand edit this file without reading the precautions in the 10G documentation. You should use the Enterprise Manager (EM) Application Server Control to modify this file: Farm > Application Server: sid.host.domain > Process Management.
2. Edit the ORACLE_HOME/opmn/conf/opmn.xml and change ssl-disabled to ssl-enabled,
e.g:
<ias-component id="HTTP_Server">
<process-type id="HTTP_Server" module-id="OHS">
<module-data>
<category id="start-parameters">
<data id="start-mode" value="ssl-enabled"/>
</category>
</module-data>
<process-set id="HTTP_Server" numprocs="1"/>
</process-type>
3. Save the changes
4. Run dcmctl updateconfig -ct opmn if you did not use EM Application Server Control and used a text editor to update the file.
5. Run opmnctl reload
6. Restart the Oracle HTTP Server
7. Test a URL to Oracle HTTP Server in SSL mode: https://<host.domain>:<port>
Note : After the restart of the Oracle HTTP Server, if you can’t access the site in SSL mode, restart the entire opmn process by issuing:
##### For Forms, you must change the JPI download page to use https instead of http in the $ORACLE_HOME/forms/server/formsweb.cfg file otherwise you’ll get “Page contains both secure and non-secure items” warning.
Opmnctl stopall
Opmnctl startall
Then retry.

HT201320 When i try to set up my mail account and get to save/verifying - I get a notice saying Cannot Connect Using SSl-

When i try to set up my mail acct. and get6 to save/verifying - I get a notice saying Cannot connect to SSL.

What mail provider is it?
Have you Googled for: setup XXX email on iPhone
where xxx is the provider
You can try going to Mail>the accounts>Advanced and turn Use SSL on or off, the opposite of what it is now.

SSL certificate expired for Google Mail

Hi there everyone, I am new here so please be gentle with me! I have had a Palm Pre on the 02 network since October and have been able to use my email fine. I use Googlemail and 02 using IMAP and today it keeps giving me error messages saying the SSL certificate has expired. I have tried turning SSL on and off, and have downloaded the software update for Palm OS but it's still not working. Is there an easy fix for this? If I change to POP will that work and how do I do that? Many thanks. Hellywobs.
This question was solved.
View Solution.

Just to say that I have solved this from another source - the date was wrong on my phone. No idea why, but now I've set the date to today, it's working again. I went to the Date and Time App and made the change. Just thought I would post here in case anyone else has the same trouble - it is an easy solution.

Cannot send email from the Mail App?

I've had an izymail subscription for 1 year and just renewed it last week. I could never send an email from my Mail App without a window popping up stating "izymail cannot connect to the server" and the sending bar (along the bottom of the screen) just freezes and will not send.
I've a Hotmail account linked up to izymail. Anyone know how to fix this problem?

I fixed my problem - I deleted my email account on my iPhone, then tried to setup a new account. I had a few problems setting it up. It wouldn't recognize the incoming or outgoing servers and I lost my email altogether for a few hours. Then I changed every setting possible and finally figured out that I had 2-3 "Other SMTP Servers" as well as my "Primary Server". Once I deleted the Other SMTP Servers, my email worked and i'm able to send emails now!
I also think changing the "Server Port" number helped solve my problem also, and making sure "Use SSL" was turned off.

Can not start Enterprise Manager web page

I can not start Enterprise Manager web page.
Here is my steps:
1. Start enterprise manager
emctl start
Waiting for EM to initialize ...Started
2. Check status:
emctl status
EMD is up and running : 200 OK
3. Start the web page
http://myhost:1810/
4. get following error
"There was no response. The server could be down or is not responding"
System info:
Database: 8.1.7.2
OAS: 9.2.0.2
JDK: 1.3.0_02
Server OS: SunOS 5.8
My question is where is the log file of enterprise manager and what the problem is.
Thanks in advance
Don

diego,
Thank you for your help. when I try your command I get following error:
emctl start iasconsole
Unknown command option
Usage::
emctl start|stop|status
emctl reload | upload
emctl set credentials [<Target_name>[:<Target_Type>]]
emctl gencertrequest
emctl installcert [-ca|-cert] <certificate base64 text file>
emctl set ssl test|on|off|password [<old password> <new password>]
emctl set password <new pwd>
emctl authenticate <pwd>
emctl switch home [-silent <new_home>]
emctl config <options>
emctl config options can be listed by typing "emctl config"

I cannot send email on my iPad

Hi, I'm using ios5 on a 32gb wifi ipad2.
Before upgrading my brand new iPad from ios4.xxx I was sending emails fine. Now the iPad email app will show sending...for ages then a message will appear saying; could not send mail. Smtp server for xxxx could not be verified....or something along those lines. This is the same email account that I use on my iMac without any issues.
The email account causing me problems was synced from my iMac using iTunes originally and I have not made any changes to any settings that came over from the iMac.
Since the problem arose, I have trawled the net looking for fixes. I've tried erasing and resetting the iPad. That is both partial and total erase and reset. Neither fixed the problem.
I have also tried various wifi networks around town to verify the issue. I do not think it is a wifi issue or my own wifi settings.
I have tried re-entering my mail accounts settings manually but that did not fix it either.
Has anyone had or is having this issue with ios5? Has anyone found a fix?
It is a deal breaker for me and I am considering send this thing back.
Thank in advance
Tonino

Hey rbrylawski, just wanted to let you know that my ipad email problems have been solved. Called Apple Sup in OZ, I'm in NZ. Daniel Barber was the support tech from heaven!! I was about to return the ipad but solving this issue reset my faith in phone support.....perhaps until I call a differnet companys phone support eh? Anyhow, for reference the fix is below. My accounts are all POP not IMAP, and the primary smtp server setting had defaulted to have SSL switched on and the port was set to 5XX (something, cant remember). Anyhow, SSL was switched off and the port was swithced to 25. VOILÀ!! Settings/Mail, contacts, calendars/My POP mail account/smtp/primary server/ >>> server on, no username and password, use SSL off, no authentication, Server Port 25 Thanks for having a crack at it. This might help when assisting another user. Cheers Tonino

Sub-account cannot send email from Apple Mail

I've tried setting up two sub-accounts to send/receive email but no matter what I try, these accounts error out on sending email. Looks like they aren't recognized by smtp server. Is there a different setting for sub-accounts?

I fixed my problem - I deleted my email account on my iPhone, then tried to setup a new account. I had a few problems setting it up. It wouldn't recognize the incoming or outgoing servers and I lost my email altogether for a few hours. Then I changed every setting possible and finally figured out that I had 2-3 "Other SMTP Servers" as well as my "Primary Server". Once I deleted the Other SMTP Servers, my email worked and i'm able to send emails now!
I also think changing the "Server Port" number helped solve my problem also, and making sure "Use SSL" was turned off.

Cannot send mail from iPhone using Godaddy account/email

Was working perfectly until recently. Incoming mail still ok.
Now get error message when sending mail "Cannot Send Mail - The connection to the outgoing server "smtpout.secureserver.net" failed.
Have tried various fixes including using cwmx.com server, other ports and SSL on and off but no luck.
Have spoken to Godaddy support but they can't help as say must be local issue with iPhone.
Is GoDaddyGuy out there?

SizzyB and Joe,
I've read over your posts and see that you've both tried a few different troubleshooting steps with our support. The next step would be removing the whole email address from your iPhone and setting it back up. When you set up the email address, you should use the step by step walk through instructions available at http://help.godaddy.com/article/3423.
SizzyB, please note that cwmx.com is an AT&T specific server. Your UK provider might list a comparable SMTP server as a default or you might need to contact them to get their settings.
Joe, I would also like to note that you would specifically need to have our Unlimited email plan to utilize the IMAP service feature.
If either of you have further issues, please post the full details (including any errors messages you receive) and we'll continue to work on a solution.

IPhone delivering email to wrong account?

Greetings! Just picked up an iPhone over the weekend and most everything is running smoothly...except for one thing...
Just to see how things would go, I added four email accounts to the iPhone...two GMail, one RoadRunner and the one through my work (POP3, non-Exchange, set up here on my home laptop with no problems) I didn't receive any errors during setup or when sending or receiving email...at least none that I can see. As a test, I sent an email from one of my Gmail accounts (from my laptop) to my work email, and the email was delivered to my iPhone...but not to my work account. It was delivered to the "default" account...which wasn't my work account.
Is this how it's supposed to be working...everything delivered to one inbox?
A bit of additional info...I deleted and readded the accounts three times, so it wasn't just a one-time problem. The last time, I deleted all of the email accounts except my work account...and now nothing is being delivered to my work email account, so I have no idea what is going on there.
Any ideas...or education (in case I"m misinformed on how the mail accounts work on the iPhone) would be greatly appreciated.
Thanks.
Message was edited by: snarkwife

Alrighty...here we go.
I have the same result whether I'm on wi-fi or EDGE. I've been on wi-fi all morning and just tested on EDGE before posting this reply. I also confirmed via our webmail access there are indeed, three emails waiting to be downloaded.
All accounts have been deleted except for work. I checked my account settings in Entourage and neither required SSL, so I set the iPhone account's SSL requirements to "Off" for both outgoing and incoming.
I think this might be the problem...but then it would raise another issue. The SMTP server does require authentication, and I entered both my username and password in the Outgoing Mail Server settings. In Advanced, I selected "Password" for authentication...and here's the weird thing...it keeps reverting back to NTLM after I exit out, try to receive and then go back into the settings.
This isn't QUITE driving me nuts yet...but close.
Thanks!
Message was edited by: snarkwife

Error while running multiple Smart Publishing Wizards

Sorry this is so long....
When I run multiple publishing wizards (two separate source
folders to two separate destination folders) I get an error stating
"The process cannot access the file because it is being used by
another process." The file is not identified and the result varies.
I have seen the following because of this error:
1. The first publishing job completes OK but the second
wizard has to be restarted.
2. The first job resets back to the dialog where you click
Finish to start it and the second continues OK.
3. The first job resets and the second job errors when it
gets to the end of the copy.
I have been just running them one at a time but am now
maintaining 80+ sites supported by 3 project files and it doesn't
matter if the Wizards are publishing from different projects. I get
the same problem if just clicking publish from the Build dialog in
the RH project. Basically any time two publish jobs are running
they crash each other.
I've started to use batch files with xcopy statements to move
the sites from my C: to the Web server (mapped drive on the
network). I haven't seen any problems with this approach and I can
launch as many jobs as I want.
I would welcome any advice or conjecture as to resolving the
Wizard problem and any concerns with using the xcopy?

I also get the problem if from teh same project I generate
say 4 SSLs then kick off four Smart Publishing Wizards to publish
each. You can't do this by clicking Publish from the generate
dialog because RH dedicates itself to the task. So I use the Smart
Publishing Wizard from the Toolbox.
I did set up the xcopy to only copy changed files using /D
parameter. It works well and I was going to write a manager to
allow me to kick off common groupings of copies with one click and
a little monitoring app to watch it and let me know when complete.
Before I did all that I just wanted to see if the wizard
behavior is normal or if I have a problem that can be
corrected.

IChat in Lion simply doesn't work

I have a 2008 Mac Pro that has been through Leopard, Snow Leopard and now Lion upgrades.
And a 2011 MacBook Pro that saw an upgrade to Lion.
I cannot get iChat to work on either machine. Both have been transported to several different locations (hence different ISP's and router configurations), I have tried deleting and re-adding my AIM account on both machines as well. Have tried SSL on and off, Wifi, Ethernet connections. Nothing seems to work.
Username and password are obviously fine. It simply doesn't change from "offline". I have tried changing via Status, via iChat > Log In, nothing. No messages, no error messages, its like it doesn't even realize I'm giving it a command. Have also tried changing port settings, connecting without a router at all, etc. I'm very confident it is a software issue/bug, not something with my connection. As it worked just fine before the Lion upgrade (on both machines)
Any suggestions?

Hi,
Thanks for the Points.
The steps were listed in the least Destructive first.
They also served to show that it could be one or two causes.
The IMAgent issue has the possibility of messing up Face Time as well.
The Keychain issue could cause you issues with several apps like the Address book and Mail as well as Face Time and iChat due to the interlinking created by the Address Book use of your Contacts' info.
Although the last does and is sometimes the only course of action it is relatively extreme and lacks a certain finesse.
Doing all three without checking in between is a bit over the top in my book, and misses out of the staged learning I was trying to also get across.
Glad to hear you have it working.
8:49 PM Thursday; October 6, 2011
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb( 10.6.8)
 Mac OS X (10.6.8),
"Limit the Logs to the Bits above Binary Images."  No, Seriously

SSL... on or off?

Similar Messages

Maybe you are looking for