SSL & URL Problem

I have a customer who requires client access to specific SSL / https content on different servers using different TCP port numbers.
Using standard http we used the 'url' command in the content rules as follows:
url "/scripts/wgate/webgui_TST*"
However, when we try this in a content rule using SSL it doesn't work as (I presume) the SSL Hello never gets responded to.
I have seen a few messages already posted highlighting this problem.. Does anyone have any suggestions on workaround options..? Is there a way to redirect SSL / https traffic.?
My content rule for standard http looks as follows:
content standard-http
add service sss02-83
add service sss03-83
vip address xxx.xxx.xxx.xxx
balance aca
protocol tcp
port 80
url "/scrs/wate/webgui_STS*"
advanced-balance arrowpoint-cookie
active
I need to do the same but using SSL..
Any help would be appreciated.
Cheers....J Pepper
EDS

Steve,
Thanks for the reply.
We did come up with a workaround using the 'redirect' command in the main http Content Rules. This 'redirected' user traffic to a different url which in turn pointed at a Content Rule / VIP configured for SSL. This means users only ever had to remember specific business http URLs.
An extract from our test config is shown below. It seems to work ok. Do you see this as a valid configuration.?
content abc-http
vip address 192.168.1.100
balance aca
protocol tcp
port 80
url "/scs/ate/gui_TST*"
advanced-balance arrowpoint-cookie
redirect "https://wwwtst.tst.zero.com/scs/ate/gui_TST/!"
active
content ssl-abc
add service ssl-as02-ts-port-1443
add service ssl-as03-ts-port-1443
advanced-balance ssl
application ssl
balance aca
vip address 192.168.1.101
protocol tcp
port 443
url "/*"
active
Cheers...John

Similar Messages

  • ACE module SSL url rewrite and path rewrite

    Hi all,
    I'm hoping some of you helpful people on this forum can guide me or suggest a solution to a problem I'm faced with.
    I am currently load balancing exchange 2010 traffic via an ACE module.  Software version is A2(3.3).  I have most parts of it working fine however I am having an issue when it comes to SSL termination for Outlook Web Access (OWA).
    The problem comes down to a HTTP header (field is location).  I have configured an action list to re-write the SSL pure URL as per page 96 of the "Cisco Application Control Engine Module SSL Configuration Guide".  example:
    ssl url rewrite location bnecas\.mycompany\.com sslport 443
    That part works, the http header location field that comes back from the GET request is changed to https://cas.mycompany.com which is great.  However, in addition to that url, there is also a path or something following that part.  The actual string that is returned is:
    https://cas.mycompany.com/owa/auth/logon.aspx?url=http://cas.mycompany.com/owa/&reason=0
    The first bit of it, (https://cas.mycompany.com) is changed by the ssl url rewrite command, however the last part (http://cas.mycompany.com/owa/&reason=0) isn't changed.
    This is where I've been trying to get the http Header Rewrite command to do something.  I don't know if it can work in conjunction with the ssl url rewrite function however with the ssl rewrite function it seems it can't change bits of the string that aren't the pure URL at the front.
    The end result is that while I have an SSL connection to the OWA login page, when I do login to OWA it reverts back to HTTP.  I'm fairly sure it is because of the last part of the location string above.  Is there a way to change that location string to do the following:
    1.  change the first part of the string to be https://cas.mycompany.com (like the ssl url rewrite function)
    2.  change the last part of the location string to put https in there instead of http
    Ideally I would love to have this string
    http://cas.mycompany.com/owa/auth/logon.aspx?url=http://cas.mycompany.com/owa/&reason=0
    replaced with this one
    https://cas.mycompany.com/owa/auth/logon.aspx?url=https://cas.mycompany.com/owa/&reason=0
    I had originally tried the following in the action list:
    header rewrite response location header-value "(owa/auth/logon\.aspx\?url=)http(://bnecas\.thiess\.aus/owa/&reason=0)" replace "%1https%2"
    ssl url rewrite location bnecas\.mycompany\.com sslport 443
    but it didn't work.  I'm probably screwing up the regex somewhere however there doesn't seem to be very clear examples anywhere I can find.
    Any help will be greatly appreciated and of course I will be sure to rate every post that responds to my plea for help.
    Brad

    Hi Brad,
    try this:
    action-list type modify http X
      header rewrite response Location header-value "http://(.*url=)http://(.*)" replace "https://%1https://%2"
    We won't be using ssl url rewrite in this case.
    Also, we will need persistence rebalance applied through an application parameter map, and that applied under the VIP class.
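The header rewrite from the reply above, run against sample Location values, as an added example that is not part of the original thread. Python's `re` stands in for the ACE regex engine, `%1`/`%2` are written as `\1`/`\2`, whole-value matching is an assumption, and `STRICT_PATTERN` is a hypothetical host-pinned variant that does not come from the thread.

```python
import re

# Pattern and replacement from the reply above; ACE's %1 and %2 become \1 and \2.
REPLY_PATTERN = r"http://(.*url=)http://(.*)"
REPLACEMENT = r"https://\1https://\2"

# Hypothetical variant (not from the thread): rewrite only when both URLs
# point at the published OWA host, so redirects to other hosts stay untouched.
HOST = r"cas\.mycompany\.com"
STRICT_PATTERN = rf"http://({HOST}/.*url=)http://({HOST}/.*)"

# Location values: the first is quoted in the question, the rest are constructed.
SAMPLES = {
    "owa_logon": "http://cas.mycompany.com/owa/auth/logon.aspx"
                 "?url=http://cas.mycompany.com/owa/&reason=0",
    "plain_redirect": "http://cas.mycompany.com/owa/",
    "outer_already_https": "https://cas.mycompany.com/owa/auth/logon.aspx"
                           "?url=http://cas.mycompany.com/owa/&reason=0",
    "other_host": "http://other.example.net/login?url=http://other.example.net/",
}


def rewrite_location(value, pattern, replacement=REPLACEMENT):
    """Apply one header rewrite (assumption: the regex must match the whole value)."""
    m = re.fullmatch(pattern, value)
    return m.expand(replacement) if m else value


def cleartext_urls(value):
    """Return every http:// URL still present in a Location value."""
    return re.findall(r"http://[^\s&]+", value)


def audit(pattern):
    """Map sample name -> (rewritten value, leftover cleartext URLs)."""
    results = {}
    for name, value in SAMPLES.items():
        rewritten = rewrite_location(value, pattern)
        results[name] = (rewritten, cleartext_urls(rewritten))
    return results


if __name__ == "__main__":
    for label, pattern in (("reply", REPLY_PATTERN), ("strict", STRICT_PATTERN)):
        print(f"--- {label} pattern ---")
        for name, (rewritten, leftover) in audit(pattern).items():
            flag = "STILL HTTP" if leftover else "ok"
            print(f"{name:20} {flag:10} {rewritten}")
```

The two samples that come back flagged are the ones to test on the device: a redirect with no `url=` parameter, and a Location whose outer scheme is already https, which the pattern skips because it starts with `http://`.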

  • HT3281 Podcasts from Current Tv, since three weeks prior to the Nov 2012 election have had a url problem and cannot be played on my mac mini 2011 with 10.8.2 and the latest Itunes? anyone know why ? I am in contact with Itunes now and they wanted screensh

    Podcasts from Current Tv, since three weeks prior to the Nov 2012 election, have had a url problem and cannot be played on my mac mini 2011 with 10.8.2 and the latest Itunes. Anyone know why? I am in contact with Itunes now and they wanted screenshots of the problem. I can get these current tv episodes with a vpn and my isp says they are not blocking them, but I was surprised that prior to the election they were blocked.
    I also can get them on my Android Samsung Galaxy note 2 with no problem, but on the Mac mini I cannot. I unsubscribed and subscribed many times but still no luck. Any ideas? I am waiting for the senior advisor to get back to me on this issue. I am in Thailand now where the problem is happening and as I said the ISP says they do not block any podcasts. I also do not want it on my iphone 5, so I have to wait and see why the mac mini is not getting it.

    I seem to have fixed it by putting <div  class="clearfloat"></div> after the navigation bar?

  • Wildcard host SSL URL rewrite

    I'm working on setting up a URL rewrite that will work for all hosts of a specific domain.  I could just do a ".*" in the action-list, but the business unit has requested that I restrict the rewrites to just URLs served up containing a particular domain and all of its various hosts.  Would the action-list below work for *.blah.com?  Like www.blah.com, apps.blah.com, etc?  Thanks.
    action-list type modify http blah-urlrewrite
      ssl url rewrite location ".*\.blah\.com"

    Hi,
    That rewrite should do the trick
    Cesar R
    ANS Team

  • SSL URL REWRITE SYNTAX

    Hi team.
    I'm trying to write a SSL URL REWRITE expression but it doesn't work.
    Imagine that I would write a location that covers:
    www.cisco.com
    www1.cisco.com/new
    www.2.cisco.com/old
    web.cisco.com
    The fixed part here is ".cisco.com" and the headers and trailer can vary.
    The expression I wrote, which doesn't work, is:
    .*\.cisco\.com
    What am I doing wrong?
    Thank you!!

    Hi David,
    .*\.cisco\.com will match www.cisco.com and web.cisco.com but it will not match www1.cisco.com/new because of the "/". If you do .*\.cisco\.com/ then it will match www1.cisco.com/new and www.2.cisco.com/old but not www.cisco.com and web.cisco.com. I just tried that in regex builder. You can try that too. You can use .*cisco.com.* i.e. wildcards at both the beginning and the end. That should match everything before and after cisco.com.
    Regards,
    Kanwal

  • Url problem??

    Hi!
    I want to know what I should use to handle the url problem,
    like if there is a url
    http://localhost:8080/myserver/mydir/home.jsp // mydir is physical dir
    http://localhost:8080/myserver/mydir2/home.jsp
    http://localhost:8080/myserver/mydir4/home.jsp
    http://localhost:8080/myserver/mydir/index.html
    How can I map more than one file, regardless of only the index.html file? How can I map a request to them, so that if the user just enters
    http://localhost:8080/myserver/mydir/
    home.jsp is shown to him?
    Waiting for reply.
    Bye.

    This has to do with webserver configuration, which one are you using?

  • Lync front end connectivity test fails (SSL certificate / URL problem)

    We have a weird problem in our installation where Lync keeps complaining about connectivity issues to external reach proxy on our front end server.
    The event log error codes are 41024 and 41026.
    Here's the error from the snooper utility: 
    TL_ERROR(TF_COMPONENT) [0]1A14.0EE4::12/12/2014-10:31:30.901.0000000d (DataMCURunTime,DataProxies.ProcessResponse:1197.idx(601))
    (0000000001595A27)Failed poking Proxy error=[The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.], type=[ExternalReachProxy], url=[https://dunords36.du.local:4443/Reach/DataCollaborationRelayWebService.svc]
    The problem is that it makes the test with the INTERNAL FQDN (dunords36.du.local) and thus the SSL trust fails as the certificate is for our EXTERNAL FQDN on the front end server! I have verified this by testing the above URL with the external address and the internal one. With the external one the certificate is OK.
    If you're wondering; we do not use a reverse proxy. Instead we just have the firewall change the port and forward the traffic to our front end server. Our lync setup is a NAT'ed setup.
    I know about the security risks so this is not what the discussion is about.
    I can't find anywhere where I can change the above behaviour and tell lync to make the test on the correct, external FQDN. The settings in the topology builder all seem to be OK. And as you can see it does make the test on port 4443 which in our topology builder is configured for our external FQDN.

    Hi,
    Would you please elaborate your Lync Server environment (Standard Edition or Enterprise Edition)?
    Please double check if you enter the correct external base URL on Lync Topology.
    Please also check whether the SAN of the FE Server certificate is correct.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • URL problems with SQL Server Reporting Services 2012 with wildcard SSL certificate

    Hi,
    I have single server, domain member, with SQL Server 2012 SP1 Reporting Services.
    I am trying to get work with url: https://reports.mydomain.com
    I have valid wildcard certificate (*.mydomain.com) implemented and configured URLs in Configuration Manager.
    https://reports.mydomain.com/ReportServer - works fine
    https://reports.3pro.hr/Reports/ - I got error:
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    In rsreportserver.config I have:
    <Add Key="SecureConnectionLevel" Value="2"/>
    When looking my ReportServerService_date.log file I have something like:
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    Also, error shown in log file:
    appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.
    ui!ReportManager_0-2!4c50!03/10/2013-20:24:54:: e ERROR: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
    The remote certificate is invalid according to the validation procedure.
    Btw, is there a way to delete/disable access using https://localhost and/or servername (not FQDN) since SSL will not work in this way for me, and I want access only by full url - https://reports.mydomain.com , not localhost ..
    -- Hrvoje Kusulja

    I spent one of my 4 free support incidents with Microsoft (part of MSDN subscription) this year to get this investigated.  The tech support person helped me through several issues but had to leave to attend some training, and I got past the last hurdle before she called me back.  Here are the steps that resolved this issue for me.  I know for sure that step 5 was necessary.  Step 1 may not apply to you, and steps 2-4 may or may not have been necessary (they didn't immediately fix the issue, but I didn't roll them back either so they may have been necessary.)
    Step 1:
    Ensure you are editing the correct rsreportserver.config file.  I had been making changes to a file that was installed in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\WebServices\Reporting, but that was a rsreportserver.config file for some sharepoint integration that I'm not using.  The correct path on my system was E:\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config, but yours may vary. If you can't figure it out, look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSRS11.MSSQLSERVER\Setup in the key named SQLPath, and then go to the ReportServer subdirectory of that path.
    Step 2:
    In rsreportserver.config, ensure that SecureConnectionLevel is set to the value 3.  Was set to 0 in my configuration.  Corrected line in your rsreportserver.config file should look like:
    <Add Key="SecureConnectionLevel" Value="3"/>
    Step 3:
    In rsreportserver.config, add the correct value to the <UrlRoot> element (which already exists in the file.)  In my configuration, this value was blank.  The value should be the fully qualified path to your report server, with a hostname that is valid for your certificate.  For example, if my cert matches *.mydomain.local:
    <UrlRoot>
    https://myserver.mydomain.local/ReportServer
    </UrlRoot>
    Step 4:
    Ensure that your certificate exists in Trusted Root Certification Authorities in certmgr for the local machine.  I had the certificate installed as a Personal certificate for the local machine, which I still think was correct (the certificate wasn't actually the problem and worked correctly for Report Server, and the failure was caused by SSRS incorrectly making a https request to a localhost URL), but she had me remove the certificate from Personal and add it to Trusted Root Certificate Authorities.  That broke things and the cert was no longer listed as a cert I could bind to, so we then copied it so it existed in both Personal and Trusted Root Certificate Authorities.  This is how I left it, not sure if that was necessary.
    Step 5:
    This was the fix that finally got things to work. In rsreportserver.config, add the same value to the <ReportServerUrl> element (which also already exists in the file) that you added in step 3.  In my configuration, this value was also blank.
    The corrected value should be the same as in step 3, for example:
    <ReportServerUrl>
    https://myserver.mydomain.local/ReportServer
    </ReportServerUrl>
    Then restart your report server (stop & then start in Report Server Configuration Manager), and the problem should go away.  At least it did for me.
    Good luck!
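A check for the settings touched in steps 2, 3 and 5 above, as an added example that is not part of the original post. The sample config is constructed and reduced to the three settings the post names; `check_config` and `cert_name_matches` are hypothetical helper names, and the certificate name is passed in rather than read from the certificate store.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed, cut-down rsreportserver.config: steps 2 and 3 are done,
# step 5 (ReportServerUrl) is still blank.
SAMPLE_CONFIG = """<Configuration>
  <Add Key="SecureConnectionLevel" Value="3"/>
  <Service>
    <UrlRoot>
    https://myserver.mydomain.local/ReportServer
    </UrlRoot>
  </Service>
  <UI>
    <ReportServerUrl></ReportServerUrl>
  </UI>
</Configuration>"""


def cert_name_matches(host, cert_name):
    """True if host is covered by cert_name; '*' stands for exactly one left-most label."""
    host, cert_name = host.lower(), cert_name.lower()
    if cert_name.startswith("*."):
        suffix = cert_name[1:]                      # e.g. ".mydomain.local"
        label = host[: -len(suffix)] if host.endswith(suffix) else ""
        return bool(label) and "." not in label
    return host == cert_name


def check_config(xml_text, cert_name):
    """Return (setting, problem) pairs for the settings named in steps 2, 3 and 5."""
    root = ET.fromstring(xml_text)
    findings = []

    # Step 2: SecureConnectionLevel should be 3.
    level = next((e.get("Value") for e in root.iter("Add")
                  if e.get("Key") == "SecureConnectionLevel"), None)
    if level != "3":
        findings.append(("SecureConnectionLevel", f"value is {level!r}, expected '3'"))

    # Steps 3 and 5: both URLs set, https, and using a host name the cert covers.
    for tag in ("UrlRoot", "ReportServerUrl"):
        element = root.find(f".//{tag}")
        url = (element.text or "").strip() if element is not None else ""
        if not url:
            findings.append((tag, "blank"))
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((tag, "not https"))
        elif not cert_name_matches(parts.hostname or "", cert_name):
            findings.append((tag, f"host {parts.hostname} not covered by {cert_name}"))
    return findings


if __name__ == "__main__":
    for setting, problem in check_config(SAMPLE_CONFIG, "*.mydomain.local"):
        print(f"{setting}: {problem}")
```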

  • Problem opening SSL url

    When I am trying to open https://xxxx:50101/irj/portal, I received "The page cannot be displayed".
    1) The default trace contains one error message and one warning message.
    The error message is
    Category: /System/Security/SSL
    Location: com.sap.engine.services.ssl
    Peer certificate is not trusted or expired.
    The warning message is
    Category: /System/Network
    Location:com.sap.engine.core.manipulator.TCPRunnableConnection.init()
    Cannot get input and output streams from socket. Connection is not initialized.
    [EXCEPTION]
    java.io.EOFException: Connection closed by remote host.
                at iaik.security.ssl.Utils.a(Unknown Source)
                at iaik.security.ssl.o.b(Unknown Source)
                at iaik.security.ssl.o.c(Unknown Source)
                at iaik.security.ssl.r.f(Unknown Source)
                at iaik.security.ssl.f.c(Unknown Source)
                at iaik.security.ssl.f.a(Unknown Source)
                at iaik.security.ssl.r.d(Unknown Source)
                at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
                at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
                at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:169)
                at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:287)
                at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:351)
                at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:564)
                at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
                at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:82)
                at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:154)
    Before I got this error message, I noticed that my SSO certificate had expired. I updated the certificate through Visual Administrator -> Services -> Key Storage -> TicketKeystore
    OS Netweaver 7.01 SP8
    If anyone has a solution for this issue, please reply to my thread.
    Thanks
    Ramesh.

    Take a look at SAP Note 1663313 (https://service.sap.com/sap/support/notes/1663313). There's a patch for your release.
    Unfortunately I'm not on SP7 so I had to use the second solution:
    - Open the Visual Administrator and login
    - In Cluster, select Dispatcher -> Services -> SSL Provider
    - select the line with port number in the Configuration tab corresponding to your web server (default 5xx01)
    - remove all cipher suites except the following: SSL_RSA_WITH_RC4_128_SHA
    - leave SSL Provider configuration
    - Restart J2EE
    Regards,
    Sean

  • CSS SSL renewal problem

    While renewing the SSL certification in CSS everything went fine during installation, but after that, when I checked with the following command
    sh ssl associate rsakey | grep url(dont want to mention name)
    I can see both the previous and the new key as associated, and both say yes,
    while the new one should show yes and the old one should show no.
    It is showing the same for the cert.
    Can anyone help me sort out what this problem can be?
    Thanks in advance

    Sagar,
    Have you performed the "no ssl associate rsakey" and the "no ssl associate cert"?
    After that, perform the "clear ssl file " and "clear ssl file rsakey "
    HTH
    Dave

  • SSL certificate problem on most https websites

    Some https sites can not be reached on my system, and it is going to include more https sites as time goes by. I have noticed that the problem is the SSL certificate. I even checked an arch iso and there I have the same problem. I tested two things in case it rings any bell for you
    omid@localhost›~⁑ curl -v https://github.com
    * Rebuilt URL to: https://github.com/
    * Adding handle: conn: 0x1757250
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 0 (0x1757250) send_pipe: 1, recv_pipe: 0
    * About to connect() to github.com port 443 (#0)
    * Trying 192.30.252.128...
    * Connected to github.com (192.30.252.128) port 443 (#0)
    * successfully set certificate verify locations:
    * CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * Unknown SSL protocol error in connection to github.com:443
    * Closing connection 0
    curl: (35) Unknown SSL protocol error in connection to github.com:443
    in which  you can see the problem. But
    omid@localhost›~35↵⁑ curl -v3 https://github.com
    * Rebuilt URL to: https://github.com/
    * Adding handle: conn: 0xf31250
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 0 (0xf31250) send_pipe: 1, recv_pipe: 0
    * About to connect() to github.com port 443 (#0)
    * Trying 192.30.252.129...
    * Connected to github.com (192.30.252.129) port 443 (#0)
    * successfully set certificate verify locations:
    * CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using RC4-SHA
    * Server certificate:
    * subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; serialNumber=5157550; street=548 4th Street; postalCode=94107; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
    * start date: 2013-06-10 00:00:00 GMT
    * expire date: 2015-09-02 12:00:00 GMT
    * subjectAltName: github.com matched
    * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance EV CA-1
    * SSL certificate verify ok.
    > GET / HTTP/1.1
    > User-Agent: curl/7.33.0
    > Host: github.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    * Server GitHub.com is not blacklisted
    < Server: GitHub.com
    < Date: Fri, 06 Dec 2013 09:55:10 GMT
    < Content-Type: text/html; charset=utf-8
    < Status: 200 OK
    < Cache-Control: private, max-age=0, must-revalidate
    < Strict-Transport-Security: max-age=2592000
    < X-Frame-Options: deny
    < Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Tue, 06-Dec-2033 09:55:10 GMT; secure; HttpOnly
    which seems OK.  Is there even anyway to add certificate to avoid this strange behavior. I use an updated x86_64 KDE.
    Last edited by nikta (2013-12-06 11:37:06)

    [omid@localhost ~]$ ldd `which curl`
    linux-vdso.so.1 (0x00007fff8bd7c000)
    libcurl.so.4 => /usr/lib/libcurl.so.4 (0x00007f9f479c6000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00007f9f477b0000)
    libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f9f47592000)
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f9f471e7000)
    libssh2.so.1 => /usr/lib/libssh2.so.1 (0x00007f9f46fbe000)
    libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f9f46d51000)
    libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f9f46949000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f9f47c2b000)
    libdl.so.2 => /usr/lib/libdl.so.2 (0x00007f9f46745000)
    [omid@localhost ~]$ pacman -Q|egrep '(openssl|curl|ca-cert)'
    ca-certificates 20130906-1
    ca-certificates-java 20130815-1
    curl 7.33.0-3
    lib32-openssl 1.0.1.e-2
    mingw-w64-openssl 1.0.1e-4
    openssl 1.0.1.e-5
    Last edited by nikta (2013-12-06 13:15:18)

  • Authorware IE7 and SSL processing problem

    I have been using AW for about 14 years. Over the
    last couple years, I have integrated my programs into a Learning
    Management System. I noticed immediately that IE 7 caused my
    Authorware courses to choke at the point I did an LMS Initialize
    routine. Our LMS has SSL encryption. Some of the posts I've read on
    the internet link the IE 7 problems to SSL processing. If I were to
    have SSL processing removed from our LMS, would I still run into
    errors with AW and IE 7? Any thoughts or comments are appreciated!
    For any Adobe folks reading this - I have developed hundreds
    of projects using AW - it is by far THE best tool for e-Learning,
    application simulation, and assessments! It is in the best interest
    of thousands of folks to upgrade it and keep it around!

    More likely, or at least the first thing to check, is the 'iFrame' workaround. Something in IE7 prevents the ReadURL("javascript...") function from working correctly. The workaround is to embed the A'ware file's HTML file into an iFrame in another HTML file that the LMS calls.
    Search the forum for quite a few posts detailing this.
    If that doesn't work, then it could be an https issue; I've had variable luck with such URLs....but they do seem to work overall.
    If https worked in previous versions of IE and your courses, that's likely not the issue with IE7 (but who knows for sure!).
    Erik
    cjgrange wrote:
    > I have been using AW for about 14 years. Over the last couple
    > years, I have integrated my programs into a Learning Management System. I
    > noticed immediately that IE 7 caused my Authorware courses to choke at the
    > point I did an LMS Initialize routine. Our LMS has SSL encryption. Some of the
    > posts I've read on the internet link the IE 7 problems to SSL processing. If I
    > were to have SSL processing removed from our LMS, would I still run into errors
    > with AW and IE 7? Any thoughts or comments are appreciated!
    >
    > For any Adobe folks reading this - I have developed hundreds of projects using
    > AW - it is by far THE best tool for e-Learning, application simulation, and
    > assessments! It is in the best interest of thousands of folks to upgrade it and
    > keep it around!
    >
    Erik Lord
    http://www.capemedia.net
    Adobe Community Expert - Authorware
    http://www.adobe.com/communities/experts/
    http://www.awaretips.net -
    samples, tips, products, faqs, and links!
    *Search the A'ware newsgroup archives*
    http://groups.google.com/group/macromedia.authorware

  • IOS SSL VPN problem

    I am implementing a SSL VPN with IOS version 12.4(13r)T5 on a 2801 but when I try to connect to the tunnel mode with the latest svc (anyconnect-win-2.2.0133-web-deploy-k9.exe) with https://1.2.3.4/tunnel the ssl vpn client can't connect.
    The error on the router is:
    Jun 5 16:07:55.755: WV: Appl. processing Failed : 2
    Jun 5 16:07:55.755: WV: server side not ready to send.
    The following is the configuration:
    ip local pool WEBVPN 10.0.0.140 10.0.0.150 group vpn2
    webvpn gateway ISR2801-RM
    hostname ISR2801-RM
    ip address 1.2.3.4 port 443
    ssl trustpoint TP-self-signed-50153718
    inservice
    webvpn install svc flash:/webvpn/svc.pkg
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context vpn1
    ssl authenticate verify all
    url-list "eng"
    url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
    policy group vpn1
    url-list "eng"
    default-group-policy vpn1
    gateway ISR2801-RM domain clientless
    inservice
    webvpn context vpn2
    ssl authenticate verify all
    policy group vpn2tunnel
    functions svc-enabled
    svc address-pool "WEBVPN"
    svc split include 10.0.0.2 255.255.255.255
    default-group-policy vpn2tunnel
    gateway ISR2801-RM domain tunnel
    inservice

    Thanks for the reply !!!!
    The configuration is the following:
    interface Ethernet 0
    ip address 10.0.0.128 255.255.255.0
    ip http secure-server
    ip local pool WEBVPN 10.0.0.140 10.0.0.150 group policy-sslvpn2
    webvpn gateway ISR2801-RM
    hostname ISR2801-RM
    ip address 1.2.3.4 port 443
    ssl trustpoint TP-self-signed-50153718
    ssl encryption aes-sha1
    inservice
    webvpn install svc flash:/webvpn/svc.pkg
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context context-sslvpn1
    ssl authenticate verify all
    user-profile location flash:webvpn/sslvpn/context-sslvpn1/
    url-list "eng"
    url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
    nbns-list cifs-servers
    nbns-server 172.16.1.1 master
    nbns-server 172.16.2.2 timeout 10 retries 5
    nbns-server 172.16.3.3 timeout 10 retries 5
    login-message "UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. You must have explicit permission to access this device. All activities performed on
    this device are logged and violations of this policy may result in disciplinary action."
    port-forward "portlist"
    local-port 30019 remote-server ssh-server remote-port 22 description SSH
    local-port 30020 remote-server mailserver remote-port 143 description IMAP
    local-port 30021 remote-server mailserver remote-port 110 description POP3
    local-port 30022 remote-server mailserver remote-port 25 description SMTP
    policy group policy-sslvpn1
    url-list "eng"
    port-forward "portlist"
    nbns-list "cifs-servers"
    functions file-access
    functions file-browse
    functions file-entry
    citrix enabled
    default-group-policy policy-sslvpn1
    gateway ISR2801-RM domain clientless
    inservice
    webvpn context context-sslvpn2
    ssl authenticate verify all
    user-profile location flash:webvpn/sslvpn/context-sslvpn2/
    policy group policy-sslvpn2
    functions svc-enabled
    svc address-pool "WEBVPN"
    svc keep-client-installed
    svc dpd-interval gateway 30
    svc dpd-interval client 300
    svc rekey method new-tunnel
    svc rekey time 3600
    svc split include 10.0.0.0 255.255.255.0
    svc default-domain cisco.com
    svc dns-server primary 192.168.3.1
    svc dns-server secondary 192.168.4.1
    default-group-policy policy-sslvpn2
    gateway ISR2801-RM domain tunnel
    inservice
    ISR2801-RM#show webvpn install status svc
    SSLVPN Package SSL-VPN-Client version installed:
    CISCO STC win2k+
    2,2,0133
    Mon 05/19/2008 12:58:52.34 v
    ISR2801-RM#
    When I try to connect to SSL context 2 with a client:
    https://1.2.3.4/tunnel
    * The SSL client installed on the PC tells me it can't connect.
    * On the router, the log shows:
    Jun 6 10:28:08.283:
    Jun 6 10:28:08.283:
    Jun 6 10:28:08.283: WV: Entering APPL with Context: 0x6AA85130,
    Data buffer(buffer: 0x6C4B4280, data: 0xF5C043D8, len: 560,
    offset: 0, domain: 0)
    Jun 6 10:28:08.283: CONNECT /CSCOSSLC/tunnel HTTP/1.1
    Jun 6 10:28:08.283: Host: host4-234-static.105-80-b.business.telecomitalia.it
    Jun 6 10:28:08.283: User-Agent: Cisco AnyConnect VPN Agent for Windows 2.2.0133
    Jun 6 10:28:08.283: Cookie: webvpn=00@1566900393@00025@3421729574@3982902438@context-sslvpn2
    Jun 6 10:28:08.287: X-CSTP-Version: 1
    Jun 6 10:28:08.287: X-CSTP-Hostname: telefonicadata
    Jun 6 10:28:08.287: X-CSTP-Accept-Encoding: deflate;q=1.0
    Jun 6 10:28:08.287: X-CSTP-MTU: 1406
    Jun 6 10:28:08.287: X-CSTP-Address-Type: IPv6,IPv4
    Jun 6 10:28:08.287: X-DTLS-Master-Secret: 27EA2210E377A9E039E458FA604F523C69BEB2BF8D9B40334F72C9F424B83EE26C6D5D57D0F84419DC7A1139D3F08EE9
    Jun 6 10:28:08.287: X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
    Jun 6 10:28:08.287:
    Jun 6 10:28:08.291:
    Jun 6 10:28:08.291:
    Jun 6 10:28:08.291: WV: Appl. processing Failed : 2
    Jun 6 10:28:08.291: WV: server side not ready to send.
    SSLVPN sock pid 182 sid 161: closing

  • Mp3 and url problem

    Hi everyone!
    I have searched this forum, but I haven't found a solution for my two problems, or I haven't searched properly.
    My first problem is with mp3 files. I have created a MySQL database for my mp3 files like this: id (int), date (date), content (varchar), file (varchar), and now my problem is how to set up the page so the file loads on the page and the user can listen to it.
    My second problem is with URLs. I have created an image gallery for my banners on the site. My SQL table is set up like this: id (int), client (varchar), banner (varchar), link (varchar), startingdate (date) and endingdate (date). I would like to set it up like this: if a user clicks on the banner, it will take him to the client's site.
    I thank everyone in advance for any tips I can get to solve my two problems.

    quote:
    Originally posted by:
    DWFAQ.info
    Heya,
    You wrote:
    "How should it look like in the Recordset window.
    Filter : _________(I wrote ID) = (or should I choose
    something else)
    Url Parameter - _________________(I wrote File)"
    It should look like this:
    Filter:__________ id
    (id lowercase is the primary key auto increment integer for
    your item you create a DB table field for as described in your
    original post.)
    =
    URL Parameter:_________ id (or whatever name you want)
    Then place dynamic info into page by dragging table field
    from Binding Window onto page as described in earlier post. Then
    when you visit your_page.php?id=3 you will see table info placed
    from binding tab where id = 3. 4 for 4, 5 for 5, etc. If you put
    something else like File in URL parameter filter then visiting
    your_page.php?File=3 will show info from table placed in page from
    binding tab where primary key id = 3 etc.
    That should be more than enough information to get you on
    your way!
    Thank you DWFAQ.info for the HELP! It's working now.

  • FTP/SSL Connection Problem for FTP Receiver Adapter

    Hello All,
    We are trying to establish an FTPS/SSL connection with one of our customers from our XI (Unix) system, and are receiving the following error:
    iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
    Communication Channel Parameters:
    Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
    Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
    Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
    Data Connection: Passive
    Port: 10021
    Keystore: service_ssl
    X.509 Certificate & Private Key: ssl-credentials
    Note: Initial handshaking occurs, but the connection is dropped by the third-party FTP server when the SSL certificate credentials are being validated. We also tried connecting to the third-party FTPS server using a standard FTPS client (FileZilla software); this connection is established successfully with no certificate issues, which means the certificate and the third-party FTP server are functioning correctly.
    We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
    Your help and suggestions will be greatly appreciated.
    Thanks and Best Regards
    Prashant Rajani

    Hello All,
    Further, in order to test the connection setup and communication channel configuration, we tried simulating the FTP connection locally by configuring an FTP server using FileZilla on a local machine and accessing it from the client's XI server.
    This setup simulates the problem we encounter with our customer's FTP server.
    If the connection security parameter in the communication channel for the Sender FTP Adapter is set to "FTPs (FTP Using SSL/TLS) with Control Connection" only, the file is successfully created with data at the FTP server, but as soon as we switch the connection security parameter to "FTPs (FTP Using SSL/TLS) with Control and Data Connection", we receive the error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and the file is created at the FTP server, but it's empty; the connection fails when an attempt is made to write data into the file, and we end up with the said error, which closes the connection.
    This is what the FTP (FileZilla) sees when the XI system attempts to set up a fully encrypted data (FTPS) connection, i.e., with the connection security parameter value "FTPs (FTP Using SSL/TLS) with Control and Data Connection":
    - (not logged in) (10.18.106.34)> Connected, sending welcome message...
    - (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
    - (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
    - (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
    - (not logged in) (10.18.106.34)> AUTH TLS
    - (not logged in) (10.18.106.34)> 234 Using authentication type TLS
    - (not logged in) (10.18.106.34)> SSL connection established
    - (not logged in) (10.18.106.34)> USER test
    - (not logged in) (10.18.106.34)> 331 Password required for test
    - (not logged in) (10.18.106.34)> PASS ***********
    - test (10.18.106.34)> 230 Logged on
    - test (10.18.106.34)> PBSZ 0
    - test (10.18.106.34)> 200 PBSZ=0
    - test (10.18.106.34)> PROT P
    - test (10.18.106.34)> 200 Protection level set to P
    - test (10.18.106.34)> SYST
    - test (10.18.106.34)> 215 UNIX emulated by FileZilla
    - test (10.18.106.34)> PWD
    - test (10.18.106.34)> 257 "/" is current directory.
    - test (10.18.106.34)> CWD /payment/
    - test (10.18.106.34)> 250 CWD successful. "/payment" is current directory.
    - test (10.18.106.34)> TYPE I
    - test (10.18.106.34)> 200 Type set to I
    - test (10.18.106.34)> PASV
    - test (10.18.106.34)> 227 Entering Passive Mode (10,27,7,103,15,63)
    - test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
    - test (10.18.106.34)> 150 Connection accepted
    - test (10.18.106.34)> Data connection SSL warning: SSL3 alert read: fatal: bad certificate
    - test (10.18.106.34)> Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A
    - test (10.18.106.34)> Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
    - test (10.18.106.34)> Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
    - test (10.18.106.34)> 426 Connection closed; transfer aborted.
    - test (10.18.106.34)> QUIT
    - test (10.18.106.34)> 221 Goodbye
    - test (10.18.106.34)> SSL connection established
    Please share your valuable inputs if we are missing something. Any helpful inputs in this regard are highly appreciated.
    Thanks and Best Regards
    Prashant
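
The server log in the post above records the control-channel handshake and the data-channel handshake separately. As an added example (not part of the original thread), this Python function walks a FileZilla Server log in that format and reports how far the session got and which side sent each TLS alert; the function name `triage` and the file name in the sample are assumptions, and the sample lines are abridged from the post.

```python
import re

# Abridged from the FileZilla Server log quoted in the post; the file name is constructed.
SAMPLE_LOG = """\
- (not logged in) (10.18.106.34)> AUTH TLS
- (not logged in) (10.18.106.34)> SSL connection established
- test (10.18.106.34)> PROT P
- test (10.18.106.34)> 200 Protection level set to P
- test (10.18.106.34)> 227 Entering Passive Mode (10,27,7,103,15,63)
- test (10.18.106.34)> STOR example.txt
- test (10.18.106.34)> Data connection SSL warning: SSL3 alert read: fatal: bad certificate
- test (10.18.106.34)> 426 Connection closed; transfer aborted.
"""

LINE = re.compile(r"^- (.+?) \(([\d.]+)\)> (.*)$")
ALERT = re.compile(r"SSL3 alert (read|write): (\w+): (.+)$")
PASV = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def triage(log_text):
    """Report how far the FTPS session got and which side raised each TLS alert."""
    result = {"control_tls": False, "prot": None, "pasv": None, "failures": []}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(3)
        if msg == "SSL connection established":
            result["control_tls"] = True            # AUTH TLS handshake completed
        elif msg.startswith("200 Protection level set to "):
            result["prot"] = msg.rsplit(" ", 1)[1]  # "P" = data channel must use TLS
        elif PASV.match(msg):
            h1, h2, h3, h4, p1, p2 = PASV.match(msg).groups()
            result["pasv"] = (f"{h1}.{h2}.{h3}.{h4}", int(p1) * 256 + int(p2))
        alert = ALERT.search(msg)
        if alert:
            direction, level, desc = alert.groups()
            result["failures"].append({
                "channel": "data" if msg.startswith("Data connection") else "control",
                # The log is the server's: an alert it *read* was sent by the client.
                "sent_by": "client" if direction == "read" else "server",
                "level": level,
                "alert": desc,
            })
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

For the log in the post this reports a fatal `bad certificate` alert on the data channel, sent by the client, after `PROT P` on an already established control channel. That is the client rejecting the certificate the server presented for the data connection, which matches the ChainVerifier error seen on the XI side.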

Maybe you are looking for