Use of SSLs
I am considering getting SSL protection for one of my sites.
- Something new for me.
If I get a Certificate for a particular site does that mean
that all data transfer associated with that site becomes encrypted,
or does one select certain elements within the site, eg forms?
Can someone point me to a beginners guide?
Thanks
Steve
Hi
Your SSL should come with installation info. If you're on shared hosting, you will likely have to get your host to complete the work for you. You would generally secure a folder and pass people to content within that folder for collecting sensitive data.
Cheers jojo
Adobe Community Expert for Dreamweaver 8
http://www.webade.co.uk
http://www.ukcsstraining.co.uk/
Extending Knowledge, Daily.
http://www.communityMX.com/
Free 10 day trial
http://www.communitymx.com/joincmx.cfm
Similar Messages
-
Can port 25 be used for SSL-enable SMTP server ?
Hi,
Our customer is using port 25 for an SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception was thrown:
DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
1) with port 25, got the same exception as above;
2) with port 465, worked fine;
3) with any other randomly picked valid port, worked fine.
This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
Your help will be appreciated.
Yes, port 25 is intended for non-SSL servers only, although that doesn't prevent a client from making a plain text connection and then using the STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4 supports that usage.
You can configure JavaMail to use port 25 for SSL connections if you really want to. JavaMail 1.3.x requires you configure an appropriate socket factory to get SSL connections; you can configure whatever port you want for use with that socket factory. -
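The difference the answer above describes, between a server that expects TLS from the first byte and one that starts in plain text and upgrades with STARTTLS, can be seen in the first bytes a client reads. This is an added Python illustration, not code from the thread or from JavaMail; the banner, EHLO reply and TLS header bytes are constructed samples and the function names are hypothetical.

```python
"""Why an SSL-from-the-start client fails against a plain SMTP port, and how a
client decides whether STARTTLS is on offer. All sample bytes are constructed."""

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}


def looks_like_tls_record(data: bytes) -> bool:
    """True if data begins with a plausible TLS record header:
    1 byte content type, 2 bytes version (0x03, minor), 2 bytes length."""
    if len(data) < 5:
        return False
    content_type, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    return (content_type in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and length <= 2 ** 14 + 2048)


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client reads from the server.

    A plain SMTP server sends a '220 ...' banner as soon as the client connects.
    A client that has already sent a TLS ClientHello then reads that banner where
    it expects a TLS record, which is the 'plaintext connection?' failure."""
    if looks_like_tls_record(data):
        return "tls"
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "smtp-plaintext"
    return "unknown"


def parse_ehlo(response: str) -> set:
    """Return the extension keywords from a multi-line 250 reply to EHLO.
    The first line only carries the server's greeting name and is skipped."""
    keywords = set()
    lines = [line for line in response.splitlines() if line]
    for line in lines[1:]:
        if not line.startswith("250"):
            continue
        parts = line[4:].split()
        if parts:
            keywords.add(parts[0].upper())
    return keywords


def connection_plan(first_bytes: bytes, ehlo_response: str = "") -> str:
    """Decide how the session can be protected.

    implicit-tls   : server speaks TLS immediately (the port 465 style)
    starttls       : plain SMTP that advertises STARTTLS, upgrade before AUTH
    plaintext-only : plain SMTP without STARTTLS, do not send credentials
    """
    kind = classify_first_bytes(first_bytes)
    if kind == "tls":
        return "implicit-tls"
    if kind == "smtp-plaintext":
        if "STARTTLS" in parse_ehlo(ehlo_response):
            return "starttls"
        return "plaintext-only"
    return "not-smtp"


# Constructed samples
SAMPLE_BANNER = b"220 mail.example.test ESMTP ready\r\n"
SAMPLE_TLS_HEADER = bytes.fromhex("160303004a02000046")  # handshake record, TLS 1.2
SAMPLE_EHLO = ("250-mail.example.test\r\n"
               "250-SIZE 35882577\r\n"
               "250-STARTTLS\r\n"
               "250 8BITMIME\r\n")
SAMPLE_EHLO_NO_TLS = "250-mail.example.test\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    print(connection_plan(SAMPLE_BANNER, SAMPLE_EHLO))
    print(connection_plan(SAMPLE_BANNER, SAMPLE_EHLO_NO_TLS))
    print(connection_plan(SAMPLE_TLS_HEADER))
```

A client that gets `plaintext-only` should refuse to authenticate rather than fall back silently, since an EHLO reply without STARTTLS can also be the result of the capability being stripped in transit.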
Using internal SSL Certs for Webview and Reskill (ICM 7.2.X)
Hi,
I would like to use corporate ssl certs for webview and reskill to avoid the user having to install the self signed certificate on the local machine. Has anyone any experience of this? Can it cause any unforeseen problems?
My plan for webview is to create the certificate request in IIS for the default website, use this csr to generate the cert, then complete it by uploading the certificate.
For reskilling, I will assume I will have to do some command line stuff here ...
eg: keytool -genkey -alias tomcat -keyalg RSA -keystore hostname.key
to create the key,
keytool -certreq -alias tomcat -keyalg RSA -keystore hostname.key -file hostname.csr
to create the csr, and
keytool -import -trustcacerts -alias tomcat -file hostname.cer -keystore hostname.key
to import the new cert
Suggestions or comments for anyone who has tried this before would be appreciated.
Regards,
Brian
I've never done it on a version so old, but at the end of the day it's just IIS and Tomcat and importing an SSL cert is very standard.
david -
Remote host supports the use of SSL ciphers that offer weak encryption
Dear All,
Our Internal security audit suggests to avoid the use of weak SSL ciphers for our SAP PI 7.0 servers.
We have followed the SAP note 510007 - Setting up SSL on Web Application Server ABAP
As mentioned in point 6, we have added the below parameter in the instance profile of the application server and restarted our server, but still the issue is not resolved.
ssl/ciphersuites=MEDIUM:HIGH:EXPORT:!LOW:!eNULL
Clients are accessing our PI server through SAP Web dispatcher.
Kindly suggest the action to be taken to resolve the issue.
Please find the below comment from Audit.
The remote host supports the use of SSL ciphers that offer weak encryption.
Note: This is considerably easier to exploit if the attacker is on the same physical network
Regards,
Lalitha.
Hi Jim,
The remote host is the PI(7.0) server.
PI server profile
FN_JSTART = jcontrol$(FT_EXE)
ssl/ciphersuites = HIGH:MEDIUM:!mMD5
jstartup/recorder = java -classpath ../j2ee/cluster/bootstrap/launcher.jar com.sap.engine.offline.OfflineToolStart com.sap.engine.flightrecorder.core.Collector ../j2ee/cluster/bootstrap -node %nodeID% %startTime% -bz $(DIR_GLOBAL) -exitcode %exitcode%
login/accept_sso2_ticket = 1
SAPSYSTEMNAME = APQ
SAPSYSTEM = 00
INSTANCE_NAME = DVEBMGS00
DIR_CT_RUN = $(DIR_EXE_ROOT)/run
DIR_EXECUTABLE = $(DIR_INSTANCE)/exe
jstartup/trimming_properties = off
jstartup/protocol = on
jstartup/vm/home = /opt/IBMJava2-amd64-142
jstartup/max_caches = 500
jstartup/release = 700
jstartup/instance_properties = $(jstartup/j2ee_properties):$(jstartup/sdm_properties)
j2ee/dbdriver = /oracle/client/10x_64/instantclient/ojdbc14.jar
PHYS_MEMSIZE = 512
exe/saposcol = $(DIR_CT_RUN)/saposcol
rdisp/wp_no_dia = 10
rdisp/wp_no_btc = 3
exe/icmbnd = $(DIR_CT_RUN)/icmbnd
rdisp/j2ee_start_control = 1
rdisp/j2ee_start = 1
rdisp/j2ee_libpath = $(DIR_EXECUTABLE)
exe/j2ee = $(DIR_EXECUTABLE)/jcontrol$(FT_EXE)
rdisp/j2ee_timeout = 1800
rdisp/frfc_fallback = on
icm/HTTP/j2ee_0 = PREFIX=/,HOST=localhost,CONN=0-500,PORT=5$$00
icm/server_port_0 = PROT=HTTP,PORT=80$$
# SAP Messaging Service parameters are set in the DEFAULT.PFL
ms/server_port_0 = PROT=HTTP,PORT=81$$
rdisp/wp_no_enq = 1
rdisp/wp_no_vb = 1
rdisp/wp_no_vb2 = 1
rdisp/wp_no_spo = 1
# Jcontrol: Migrated Profile Parameter
# create at Wed Mar 25 20:20:02 2009
j2ee/instance_id = ID0079698
Web dispatcher profile
SAPSYSTEMNAME = WD0
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)/run
DIR_EXECUTABLE = $(DIR_CT_RUN)
wdisp/shm_attach_mode = 6
# Accesssability of Message Server
#rdisp/mshost = asapq00.b.com
#ms/http_port = 8100
#ms/https_port = 8101
wdisp/system_0 = MSHOST=asapq00.b.com, MSPORT=8100, SID=APQ
# Configuration for medium scenario
icm/max_conn = 16350
icm/max_sockets = 32768
wdisp/HTTPS/max_pooled_con = 16350
icm/req_queue_len = 8000
icm/min_threads = 100
icm/max_threads = 500
mpi/total_size_MB = 700
mpi/buffer_size = 32768
mpi/max_pipes = 21000
wdisp/HTTP/max_pooled_con = 8192
wdisp/HTTPS/max_pooled_con = 8192
# SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=80,EXTBIND=1
icm/server_port_1 = PROT=ROUTER,PORT=443,EXTBIND=1
#icm/host_name_full= asapq00.b.com
icm/host_name_full= qtyh2h.k.co.in
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=/sapmnt/WD0/global/security/data/icmauth.txt
ssl/ssl_lib=/usr/sap/WD0/W00/sec/libsapcrypto.so
wdisp/HTTPS/dest_logon_group = PUBLIC
wdisp/HTTPS/max_client_ip_entries = 100000
wdisp/HTTPS/sticky_mask = 255.255.255.0
#Additional Parameters
wdisp/add_client_protocol_header = true
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/handle_webdisp_ap_header = 1
#Registering SAP Web Dispatcher in the SLD
#wdisp/system_0 = HOST=asapq00.b.com, PORT=8100, SID=APQ, NR=00
#Parameter to avoid week SSL ciphers
ssl/ciphersuites=HIGH:MEDIUM:!mMD5
Regards,
Lalitha -
Memory leak when "Use JSSE SSL" is enabled
I'm investigating a memory leak that occurs in WebLogic 11g (10.3.3 and 10.3.5) when "Use JSSE SSL" is checked using the Sun/Oracle JVM and JCE/JSSE providers. The leak is reproducible just by hitting the WebLogic Admin Console login page repeatedly using SSL. Running the app server under JProfiler shows byte arrays (among other objects) leaking from the socket handling code. I thought it might be a general problem with the default JSSE provider, but Tomcat does not exhibit the problem.
Anyone else seeing this?
Yes, we are seeing it as well on Oracle 11g while running a GWT 2.1.1 application using GWT RPC. Our current fix is to remove the JSSE SSL configuration check, however this might not be an option if you really need it for your application. Have you found anything else about it?
-
Using the SSL-M (6500 blade) with a CSS
Hi all,
I think it is possible to use the SSL module for the 6500 chassis as a stand alone device, does that mean we can use our CSSs (11503) and send the SSL traffic to the blade (based on IP address I assume).
cheers,
Mike
Yes you can do it.
Check CSS sample configs with SCA - just replace the SCA with your SSLM.
Gilles. -
Netscape cert type does not permit use for SSL server on Weblogic
We have WLS 11g (11.1.1.5 SOA) on UNIX and we are trying to connect secured service (Using client certificate along with UserName and Password for Authentication ). I was able to test it using SOAP UI.
But when I am testing the webservice I am facing listed error
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: oracle.fabric.common.FabricInvocationException: Unable to access the following endpoint(s): https://abcd:1111/JWSs/V1/TermsWS at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:575) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at
and domain log shows that
Caused By: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL server
Please help me to resolve listed issue.
Can I use Netscape client certificate on WLS?
Do I need to take any extra care while working with client cert?
I appreciate your help.
Netscape cert type does not permit use for SSL client
Try using another certificate. Your certificate can't be used as a web browser client certificate.
-
Browsing Oracle application using CISCO SSL VPN forms not opening
Hi all,
Any idea why I am not able to access my application using CISCO SSL VPN? Normal clients are able to use our application; there is no problem. I have modified the "certdb.txt", and I am still having the same problem. Here I am attaching the Java console output.
java.net.ConnectException: Operation timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
at oracle.jre.protocol.jar.HttpUtils.followRedirects(Unknown Source)
at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
at oracle.jre.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at oracle.jre.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
at sun.misc.URLClassPath$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath.getLoader(Unknown Source)
at sun.misc.URLClassPath.getLoader(Unknown Source)
at sun.misc.URLClassPath.getResource(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
WARNING: Unable to cache https://212.72.22.86/+CSCO+1a756767633A2F2F62656E6A726F322E7A75712E70622E627A++/forms/java/frmwebutil.jar
java.net.ConnectException: Operation timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
at oracle.jre.protocol.jar.HttpUtils.followRedirects(Unknown Source)
at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
at oracle.jre.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at oracle.jre.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
at sun.misc.URLClassPath$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath.getLoader(Unknown Source)
at sun.misc.URLClassPath.getLoader(Unknown Source)
at sun.misc.URLClassPath.getResource(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
WARNING: Unable to cache https://212.72.22.86/+CSCO+1a756767633A2F2F62656E6A726F322E7A75712E70622E627A++/forms/java/frmall_jinit.jar
java.net.ConnectException: Operation timed out: connect
Hi,
From your description, my understanding is that you get invalid workflowinstanceid error when you click on workflow link like "inprogress” in the current list.
Please check the URL of workflow “inprogress” (also URL for workflow approval instance to open task form) to see if it’s correct.
Please use your company network directly instead of CISCO SSL VPN, then access SharePoint portal url “https://vpnssl.companyname.com/”, see if the issue still occur.
Also, check the ULS log on the SharePoint server based on the Correlation ID value, get more detailed information about this error message.
And you could refer to this similar issue:
https://social.technet.microsoft.com/Forums/en-US/08aa6b33-cef6-4b01-8af7-6c25ed7d9953/invalid-workflowinstanceid-parameter-in-url?forum=sharepointgeneralprevious.
Best Regards
Vincent Han
TechNet Community Support -
Cannot connect using webserviceclient+ssl.jar
Hello!
I installed Verisign test certificate on my server and I am able to connect to the server using Web Service client with JSSE adapter class. Funnily enough, I cannot connect using WebLogic SSL library, I get an exception. Could someone help me understand, why I cannot connect using WebLogic SSL implementation?
To connect using JSSE I use following system properties:
java^
-classpath .;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.jar;..\lib\jsse.jar;^
-Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.ABCJSSEAdapter^
-Djavax.net.ssl.trustStore=abc.keystore^
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
where abcconnect-client.jar is the client jar file, and abc.keystore contains getcacert.cer root CA, which I downloaded from Verisign from this page: https://digitalid.verisign.com/server/trial/trialStep4.htm, ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test works fine.
To connect using WebLogic SSL implementation I use following system properties:
java^
-classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
-Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
-Dweblogic.webservice.client.ssl.strictcertchecking=false^
-Dweblogic.webservice.security.verbose=true^
-Dweblogic.webservice.client.verbose=true^
-Dbea.home=.^
-Djava.protocol.handler.pkgs=com.certicom.net.ssl^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
I converted binary format of the certificate to PEM, but it did not help.
I am getting this exception:
[BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[BaseWLSSLAdapter] : Strict cert checking disabled by default
[BaseWLSSLAdapter] : Trusted certificates will be loaded from getcacert.cer
[BaseWLSSLAdapter] : Loaded local trusted certificates from java.io.FileInputStream@73a7ab
[BaseWLSSLAdapter] : Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@4faf8
[BaseWLSSLAdapter] : Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
[WLSSLAdapter] : Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Loaded local trusted certificates from java.io.FileInputStream@57c2bd
[BaseWLSSLAdapter] : Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@323210
[BaseWLSSLAdapter] : Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
[WLSSLAdapter] : Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
[WLSSLAdapter] : openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL) returning weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/webservice/ABCConnectService?WSDL
[WLSSLAdapter] : -- using HostnameVerifier weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[WLSSLAdapter] : -- loaded certs from getcacert.cer
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:71)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:106)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:82)
at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
at Client.main(Client.java:136)
Michael,
I guess the getcacert.cer, which is on the client side, should have the
server's certificate followed by the root CA certificate in .pem format.
I have it working with this format.
Could you please try this out and let us know.
Regards,
Anurag
-
Error: The chosen certificate was not exported and cannot be used for SSL
Hello there,
when I try to configure the profilemanager in OS X Server and it comes to choosing a certificate I get the following message:
The chosen certificate cannot be used.
The chosen certificate was not exported and cannot be used for SSL.
I chose our Wildcard certificate we received from Thawte.
It is completely imported in the Keychain from the Mac.
(Sorry if any sentence is wrong, I translated it from German to English)
Best regards,
Christoph
Is this a regular web ssl cert or a code signing cert?
-
How to sign a java applet using iPlanet SSL certificate?
Dear all,
I have an iPlanet web server with SSL installed,
can I use the SSL certificate to sign my java applet which will run on the server? How to sign a java applet in this scenario? Somebody please help me! Thanks!
yours sincerely
dashel
Why can't you create jar files?
-
Use public SSL certificate for WebAccess 8 on SLES10 Linux S
Currently my WebAccess 8 server is running on NetWare. I want to move my WebAccess to SLES10 SP3 server and use public SSL certificate from third-party on SLES 10. I think this is just to get apache to use the public cert on SLES 10 Linux server and nothing to change on WebAccess, right?
Thanks in advance.
Wilson
wilsonhandy wrote:
> Currently my WebAccess 8 server is running on NetWare. I want to move
> my WebAccess to SLES10 SP3 server and use public SSL certificate from
> third-party on SLES 10. I think this is just to get apache to use the
> public cert on SLES 10 Linux server and nothing to change on
> WebAccess, right?
Yeah, it's purely an Apache config. No need to do anything to
WebAccess just to get SSL working.
Novell Knowledge Partner
Enhancement Requests: http://www.novell.com/rms -
How to use a single SSL for two Exchange servers without clustering
How to use a single SSL for two Exchange servers without clustering
Exchange 2003 std front-end server
used for add new server for owa failover or standby
Olivia, hopefully by now you have solved your issue but just for the sake of answering that question here so that people having the same issue can later find it I'll go through the motions:
there are a couple of ways you can achieve this.
A. get a certificate for free out there
B. generate your own self signed "fake" certificate.
certutil will certainly let you do this, here's how:
1. First, create a file/directory layout to store your certificates
mkdir -p /path/to/certificates/selfsignedCA
2. Initialize a database for the certificate you want to create
certutil -N -d /path/to/certificates/selfsignedCA -P "ca-"
3. Create a self-signed CA certificate
certutil -S -x -n "ca-cert" -s "cn=SelfSigned CA Certificate,dc=yourSuffix" -t CTPu -v 120 -d /path/to/certificates/selfsignedCA -P "ca-" -5
Note: when prompted, select choice (5) SSL CA and 'y' for critical extensions
4. Export your newly created self-signed CA certificate in PEM format
certutil -L -d /path/to/certificates/selfsignedCA -P "ca-" -n "ca-cert" -a > /path/to/certificates/selfsignedCA.pem
that should get you going
-=arnaud=- -
How do I use an SSL Accelerator with iWS 6?
I have an application that uses iWS 6 sp2 and iAS 6 sp4. The web server exposes a https port. I can get this port to work fine with a certificate requested against the internal module. When I use the module supplied by the SSL accelerator (Sun Crypto Accelerator 1) I can install and view a certificate, but I cannot start the web server. I get the following error in my logs:
[18/Mar/2002:15:57:17] failure ( 2820): Invalid configuration: File /usr/local/iplanet/servers/https-www.exsel.org.uk/config/server.xml, line 22, column 390: SEC_ERROR_BAD_DER - Certificate is improperly DER encoded : unable to find certificate Server-Cert
I can see a certificate by this name in the certificate database for the additional module. I can view it and it looks good (I'm generating my own certificates at the moment - so I know that the internal and external certificates were generated in the same way).
Has anyone any experience of using this combination of things?
I think you are getting your certificates crossed up somehow. "Server-Cert" is normally the name of the internal certificate. See what the name of the one installed on your accelerator is and change the name in server.xml to match that. Be sure to back up all your files first!
-
Is it possible to use single ssl certificate for multiple server farm with different FQDN?
Hi
We generated the CSR request for Verisign Secure Site Pro certificate
SSL Certificate for cn=abc.com considering abc.com as our major domain. Now we have servers in this domain like www.abc.com, a.abc.com, b.abc.com etc. We installed the Verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use the same certificate generated for abc.com for all servers like www.abc.com, a.abc.com, b.abc.com etc. Now when we are trying to access https://www.abc.com or https://a.abc.com through Mozilla, we are able to access the service but we are getting this message in certificate status " you are connected to abc.com which is run by unknown "
And the same message when trying to access https://www.abc.com from Google Chrome.
"This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
So I know as this certificate is for cn=abc.com that is why we are getting such errors/status in ssl certificate.
Now my question is
1. Is it possible to remove above errors doing some ssl configuration on ACE?
2. OR we have to go for Verisign Wildcard Secure Site Pro Certificate for CSR generated using cn =abc.com to be installed on ACE and will be used for all servers like www.abc.com, a.abc.com etc..
Thanks
Waliullah
If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate. Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate. And right now it won't because your certificate is for abc.com. You need a wildcard cert that will be for something like *.abc.com.
Hope this helps,
Sean -
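The name check described in the answer above can be worked through for the hosts in the question. This is an added Python illustration, not code from the thread or from any browser or the ACE; it assumes the usual browser rule that `*` may only stand for the whole left-most label and covers exactly one label, and the function names are hypothetical.

```python
"""Which certificate names cover which hosts, using the thread's abc.com names."""


def _labels(name: str) -> list:
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.rstrip(".").lower().split(".")


def name_matches(cert_name: str, host: str) -> bool:
    """Match one DNS name from a certificate against the host the user typed.

    Exact names must be identical. A wildcard is honoured only as the entire
    left-most label ('*.abc.com'), it stands for exactly one label, and it
    needs at least two labels after it so that '*.com' never matches."""
    cert, wanted = _labels(cert_name), _labels(host)
    if len(cert) != len(wanted):
        return False            # '*.abc.com' covers neither abc.com nor x.a.abc.com
    if cert[0] == "*":
        if len(cert) < 3:
            return False
        return cert[1:] == wanted[1:]
    return cert == wanted       # a partial wildcard such as 'w*.abc.com' is not expanded


def cert_covers(cert_names: list, host: str) -> bool:
    """True if any name in the certificate matches the host."""
    return any(name_matches(name, host) for name in cert_names)


def uncovered_hosts(cert_names: list, hosts: list) -> list:
    """Hosts for which a browser would raise a name-mismatch warning."""
    return [host for host in hosts if not cert_covers(cert_names, host)]


# Host names taken from the question; the certificate name lists are constructed.
SITE_HOSTS = ["www.abc.com", "a.abc.com", "b.abc.com"]
CERT_AS_ISSUED = ["abc.com"]              # what the question describes (cn=abc.com)
CERT_WILDCARD = ["*.abc.com"]             # what the answer recommends
CERT_WILDCARD_PLUS_APEX = ["*.abc.com", "abc.com"]

if __name__ == "__main__":
    for label, names in (("as issued", CERT_AS_ISSUED),
                         ("wildcard", CERT_WILDCARD),
                         ("wildcard + apex", CERT_WILDCARD_PLUS_APEX)):
        print(label, "->", uncovered_hosts(names, SITE_HOSTS + ["abc.com"]))
```

The wildcard alone leaves the bare `abc.com` uncovered, so a certificate meant to serve both the apex and the subdomains has to list both names.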
How to use a key file in the FTP Task using and SSL connection
In the past I have used this code to set the FTP password in an FTP component task in SSIS.
Does anyone know how to use a Key file in an SSL connection to download a file from an FTP site? If not can you tell me where I can get the C# code examples to learn how to create a script task or if there is another way in SSIS to download large files from an SSL FTP site? Thank you for any help offered.
public void Main()
{
    // Look up the FTP connection manager defined in the package
    ConnectionManager FTPConn;
    FTPConn = Dts.Connections["FTPServer"];
    // Set the connection password at run time from a package variable
    FTPConn.Properties["ServerPassword"].SetValue(FTPConn, Dts.Variables["FTPPassword"].Value);
    Dts.TaskResult = (int)ScriptResults.Success;
}
Antonio
You can use SFTP for this.
This is a way of implementing SFTP in SSIS using standard tasks
http://visakhm.blogspot.in/2012/12/implementing-dynamic-secure-ftp-process.html
also see
http://blog.goanywheremft.com/2011/10/20/sftp-ftps-secure-ftp-transfers/
Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs