WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

Hi,
I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http.
When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl.
What change should I make so that WSDL url will have https instead of http ?
This is service side configuration.
<system.serviceModel>
<services>
<service name="Service.IService">
<endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
</service>
</services>
<bindings>
<basicHttpBinding />
</bindings>
<client />
<behaviors>
<serviceBehaviors>
<behavior>
<serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks in advance !!

Hi,
For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
<behaviors>
<serviceBehaviors>
<behavior
name="MyServiceTypeBehaviors"
>
<serviceMetadata
httpGetEnabled="true"
/>
</behavior>
</serviceBehaviors>
</behaviors>
For more information, you could refer to:
http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
Regards

Similar Messages

Weblogic app server wsdl web service call with SSL Validation error = 16

Weblogic app server wsdl web service call with SSL Validation error = 16
I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
Cannot complete the certificate chain: No trusted cert found
Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
Validation error = 16
From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
Here is how I load trustStore and keyStore in my java program:
     System.setProperty("javax.net.ssl.trustStore",”cacerts”);
     System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
     System.setProperty("javax.net.ssl.trustStoreType","JKS");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.keyStore", keyStoreName);
     System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd);      System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
Here is how I create cacerts using verisign hierarchy certs (in this order)
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
Because my program is a weblogic app server, when I start the program, I have java command line options set as:
-Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.enforceConstraints=strong
That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
1.     Do I create “cacerts” the correct order with right keeltool options?
2.     Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
3.     Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
4.     Do I need to put the “cacerts” to some specific weblogic directory?
---------------------------------wsdl file
<wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
     <wsp:Policy wsu:Id="TokenServices_policy">
          <wsp:ExactlyOne>
               <wsp:All>
                    <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                         <wsp:Policy>
                              <sp:TransportToken>
                                   <wsp:Policy>
                                        <sp:HttpsToken RequireClientCertificate="true"/>
                                   </wsp:Policy>
                              </sp:TransportToken>
                              <sp:AlgorithmSuite>
                                   <wsp:Policy>
                                        <sp:Basic256/>
                                   </wsp:Policy>
                              </sp:AlgorithmSuite>
                              <sp:Layout>
                                   <wsp:Policy>
                                        <sp:Strict/>
                                   </wsp:Policy>
                              </sp:Layout>
                         </wsp:Policy>
                    </sp:TransportBinding>
                    <wsaw:UsingAddressing/>
               </wsp:All>
          </wsp:ExactlyOne>
     </wsp:Policy>
     <wsdl:types>
          <xsd:schema targetNamespace="http://tempuri.org/Imports">
               <xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
               <xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
          </xsd:schema>
     </wsdl:types>
     <wsdl:message name="ITokenServices_GetUserToken_InputMessage">
          <wsdl:part name="parameters" element="tns:GetUserToken"/>
     </wsdl:message>
     <wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
          <wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
     </wsdl:message>
     <wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
          <wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
     </wsdl:message>
     <wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
          <wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
     </wsdl:message>
     <wsdl:portType name="ITokenServices">
          <wsdl:operation name="GetUserToken">
               <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
               <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
          </wsdl:operation>
          <wsdl:operation name="GetSSOUserToken">
               <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
               <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
          </wsdl:operation>
     </wsdl:portType>
     <wsdl:binding name="TokenServices" type="tns:ITokenServices">
          <wsp:PolicyReference URI="#TokenServices_policy"/>
          <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
          <wsdl:operation name="GetUserToken">
               <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
               <wsdl:input>
                    <soap12:body use="literal"/>
               </wsdl:input>
               <wsdl:output>
                    <soap12:body use="literal"/>
               </wsdl:output>
          </wsdl:operation>
          <wsdl:operation name="GetSSOUserToken">
               <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
               <wsdl:input>
                    <soap12:body use="literal"/>
               </wsdl:input>
               <wsdl:output>
                    <soap12:body use="literal"/>
               </wsdl:output>
          </wsdl:operation>
     </wsdl:binding>
     <wsdl:service name="TokenServices">
          <wsdl:port name="TokenServices" binding="tns:TokenServices">
               <soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
               <wsa10:EndpointReference>
                    <wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
               </wsa10:EndpointReference>
          </wsdl:port>
     </wsdl:service>
</wsdl:definitions>
----------------------------------application log
adding as trusted cert:
Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
     at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
     at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
     at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
     at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
     at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
     at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
     at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
     at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
     at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
     at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
     at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
     at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
     at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
     at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
     at javax.xml.ws.Service.<init>(Service.java:56)
     at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
     at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
     at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
     at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
     at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
     at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
     at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
     at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
     at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
     at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
     at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
     at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
     at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
     at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
     at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
     at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
     at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
     at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
     at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
     at javax.xml.ws.Service.<init>(Service.java:56)
     at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
     at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
     at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
     at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
     at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>

I received a workaround by an internal message.
The how to guide is :
-Download the wsdl file (with bindings, not the one from ESR)
-Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
-Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
-Create a new logicial destination that point to the wsdl file modified
-Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
Then the received data is check by the metadata logical destination but the data is retrieved from the correct server.

Starting Server with SSL Enabled

I want to start iplanet directory server 5.1 with SSL Enabled, but It always ask me PIN Token.
I write slapd-test-pin.txt file as following :
slapd-test-pin.txt
-------begin-----------
Token:test123456
-------end ------------
I put the slapd-test-pin.txt into /usr/iplanet/server/alias
then, I restart directory server from command line.
/usr/iplanet/servers/slapd-test/stop-slapd
/usr/iplanet/servers/slapd-test/start-slapd
What's wrong ?
Thank you !!!!

I have a similar problem. I actually do set the correct format of certidcate db password file but the server stll does not start but reports the following:
[26/Sep/2003:17:21:11 -0400] - Sun-ONE-Directory/5.2 B2003.143.0014 (32-bit) starting up
[26/Sep/2003:17:21:11 -0400] - ERROR<12362> - Connection - conn=-1 op=-1 msgId=-1 - PR_Bind() on address <all interfaces> port <636> failed : error -5966 (Access Denied.).
I installed the certificate correctly. It was obtained from VeriSign with a ds 5.2 generated request.
Any ideas?
Thanks in advance!

Help needed creating Web Service Proxy with SSL

Hi All, I really need your help. I need to create a Web Service proxy for a web service which is SSL enabled and developed in Netbeans. I have been given keystore as well as certificates files and I have copied "keystore.jks" in my c:\Documents and Settings\<user> and the certifcates to <JAVA_HOME>\jre\lib\security\cacerts. Now when I run the Proxy creation wizard and give the location of the WSDL file, JDeveloper gives an error "Error importing schemas: Default SSL Context init failed: Invalid keystore format". Can anyone please guide me what I am doing wrong here. I will appreciate your help.
Thanks in advance.
John

I am using JDeveloper 10.1.3.3.0. Thanks Heaps

Epm Inplace upgradation with SSL enabled

Hello Experts,
We have plan to inplace upgradation of hyperion product 933 to EPM 122 with SSL enabled.
My questions regarding to this concerns are:-
1)Is it possible to make inplace upgradation 933 to 122 with SSL enabled?
2)What will be the risks for this plan
3)And suggest pros and cons for this
Please reply my questions soon.. and suggest me what will be better,Suggest ideas for this.
Thanks in advance,

980137 wrote:
Please reply my questions soon.. and suggest me what will be better,Suggest ideas for this.
I think you should discuss your upgrade options with a consultant instead of trying to get answers to those sort of questions on a forum.
Cheers
John
http://john-goodwin.blogspot.com/

How do i restart slapd with SSL enabled?

I am running 5.2 with patch 3 for solaris 8. I want to restart slapd using the restart-slapd command. However the problem is, with SSL enabled, I need to manually intervene and enter in the token password. Is there any way to get around this?
This wouldnt be an issue if i didnt have to automate the slapd restarts.
Thanks.
-Sowser

If you haven't already, create a file as <serverRoot>/alias/slapd-<instance>-pin.txt and add the following to it
Internal (Software) Token:yourcertdbpasswd
Once done you will be able to avoid any manual intervention. This procedure is documented in the Admin guide

Enable External Load Balancing error

Hello,
I'm trying to create a DirectAccess farm with 2 external Load balancers (Step 3.1.1 http://technet.microsoft.com/en-us/library/jj134166.aspx)
The first server is configured (Behind a Edge with 2 NICs) and working but when trying to enable External Load Balancing, I immediately receive this error when applying the settings:
Initializing operations before applying configuration
Backing up GPOs...
Updating cluster settings
Retrieving server GPO details...
Opening the server GPO...
Error: The configuration data for this product is corrupt. Contact your support personnel.
Finishing operations after applying configuration
Information: Attempting to roll back the configuration...
The DirectAccess dashboard shows that all services are fine, the DC is available and no errors are logged in the Event Viewer.
I can't find any explanation about a possible corrupted configuration.

Ok... Found the problem... You can't mix Internet IP and LAN IP to create the VIP...

How to enable Network load balancing for Enterprise portal

Hello,
We have installed EP 7.0 central instance(00) and dialog instance (01) and would like to enable network load balancing between these two EP servers.Have installed network balancer and the configuration has been done at network level.
The below URLs are being used for accessing the portal
Central instance :
http://CIhostname:50000/irj/portal
Dialog Instance:
http://DIhostname:50100/irj/portal
Both the port number has to be same for enabling load balancing.In order to acive this we have to map this port to http port by making some changes in Visual Administrator.
Can you please let me know step by step procedure or any link where i can find the same?
Appreciate your response
Thanks,
Vadi

Dear Jay,
Thnaks for your reply.
No...NLB will helpful in load balancing between different 2 different application (Ep)servers.
We are using microsoft network load balancer.Found the service http provider in VA for making those changes.
Any way thanks.
Regards,
Vadi

How can ftp service on non-standard port be load balanced using Cisco ACE.

How can ftp service on non-standard port be load balanced using Cisco ACE.For example ftp service required on tcp 2000 port

Hi Samarjit,
you can do this by specifying the port number in the class map that you create . Please find the below mentioend config guide where you can specify the tcp/udp port , range or ports or even the wild card to match the port.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
Regards
Abijith

Terminate SSL on Cisco Load Balancer

Hi,
We have a rights Management server that will be behind a load balancer. I would like to terminate the SSL on the Load balancer instead of terminating it on the LC server. is there any settings need to be set on the LC server. I will appreciate any help on this topic.

Check the following basic ssl config
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Configuration_Examples_--_SSL_Configuration_Examples
I think you do get a little of ssl resource without a license.
Gilles.

What SSL accelerator and load-balancer does anyone recommend?

Hi:
I wanted to find out:
Does anyone recommend SSL accelerator cards/boards or SSL accelerator appliances?
What SSL accelerator and load balancer does aynone recommend to help 9iAS?

Ana_Alm wrote:
Hi there!
I just downloaded and installed OS X Lion, and I'm loving it so far.
However, I've seen that Mountain Lion will have some new features when it comes to social apps (what I call the ones that combine twitter, facebook, rss readers and so on).
So, does anyone knows any cools apps for that? I'm currently using Socialite, that combines all those three, but it has a few issues I don't particularly like. Plus, I'm using Adium for a msn client. I'm also thinking about downloading that beta version of "Messages" that will be realeased on Mountain Lion.
So, what do you think? Give me your ideas
Thanks a lot in advance!
As Mountain Lion has not been released to the public yet, then most of us have no idea which companies have updated the development of their Apps for ML. It is in Development phase so any App you try is at your own risk.
Good Luck
Pete

Adding Silverlight-enabled WCF Service failed with error code 50

Hello everyone,
I am very new to Silverlight ,and I am working on silverlight with WCF.
When I tried to add a silverlight-enabled WCF service. I kept getting the error
Method failed with unexpected error code 50.
I am working with Silverlight 5 and VS 2013 ,I have no idea about it. I appreciate that if anyone can help?
Thank you

Hi,
Please make sure your wcf is valid.
Here are some resources which could help you:
https://msdn.microsoft.com/library/cc838234(VS.95).aspx
http://www.codeproject.com/Articles/262164/Using-WCF-Service-with-Silverlight#_articleTop
Best Regards,
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

WCF service setup with certificate authentication error

I have a WCF service setup and I need to use a certificate with it and are getting numerous errors when I attempt to browse it. The 1st error I get is "Security settings for this service require 'Anonymous' Authentication but it is not enabled for
the IIS application that hosts this service."
This sounds like a straightforward error message and setting the authentication method in IIS to anonymous resolves being able to browse the service. But I need to use a certificate and setting authentication to anonymous is obviously not right since we
only want those with the proper certificate to access the service. I have all authentication methods in IIS set to disabled when I get the above error message. I have the SSL settings in IIS for the service set to require a certificate as well. I am using
IIS 8.5 as well.
Here is my config file in hoping someone could point me in the correct direction. The service should only work over HTTPS since we are using a certificate and I need the meta data exposed as well hence the mexHttpBinding. I have searched the web but no solution
is working. Any help is appreciated.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="HEALookupProxy.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</sectionGroup>
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<authentication mode="None"></authentication>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
<baseAddressPrefixFilters >
<add prefix="https"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<services>
<service name="HEALookupProxy.HEALookupService" behaviorConfiguration="HEALookupServiceBehavior">
<endpoint address="" binding="wsHttpBinding" contract="HEALookupProxy.IHEALookupService" bindingConfiguration="HEALookupConfig" />
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="HEALookupConfig">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="HEALookupServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<serviceCertificate x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" findValue="certnameremoved" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />

<directoryBrowse enabled="false" />
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="user1, user2" />
</authorization>
</security>
</system.webServer>
</configuration>

Hi spark29er,
>>The service should only work over HTTPS since we are using a certificate and I need the meta data exposed as well hence the mexHttpBinding.
For creating the HTTPS WCF service, first please change the mexHttpBinding to
mexHttpsBinding as following:
<endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />
For more information, please try to refer to:
#Seven simple steps to enable HTTPS on WCF WsHttp bindings:
http://www.codeproject.com/Articles/36705/simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi .
Then please try to check the following article about how to do the certificate authentication on HTTPS WCF Service:
http://blogs.msdn.com/b/imayak/archive/2008/09/12/wcf-2-way-ssl-security-using-certificates.aspx .
Besides, setting the
includeExceptionDetailInFaults as false can give us more detailed error information.
Best Regards,
Amy Peng
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Oc4j standalone 10.1.3.3 and service registry with ssl install help needed

Hello,
I'm trying to install service registry with oc4j standalone for testing and demoing but am having some difficulty with the ssl side of things.
I have setup a oc4j standalone 10.1.3.3 and configured the following ports:
default http port: 9991
ormi port: 9992
ormi ssl port: 9993
https port: 9994
I have configured oc4j standalone for SSl as per instructions by copying default-web-site.xml to secure-web-site.xml and added secure="true" to <web-site> tag and added <ssl-config keystore..../> as well. I've also modified server .xml and added <web-site path="./secure-web-site.xml" /> into the file.
I have then installed service registry as a publication (discovery) with http port pointing to 9991 and ssl enabled pointing to 9994 with oracle database.
I can load http://localhost:9991/ and also https://localhost:9994 and both secure and non-secure page loads fine for the oc4j webpage. I can load http://localhost:9991/registry/uddi/web/ page but when I click on any of the link on it tries to load https://localhost:9994/registry/uddi/web i get a http 404 not found error.
Tried googling and searching the forum for info, but I'm in need of a little help on where I went wrong.
Thanks

Hy frank, thanks for your reply:
We use a jdk shipped with jdeveloper for running OC4J;
"<JDev install dir>\jdk\bin\java.exe"
java -version says:
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
Regards.
Davide

Using Adobe Document Services (ADS) with SSL

Hi,
Hope any of you encountered a question like me while implementing ADS on NW04 SP16.
We've installed ADS and patched it to SP16_1. After wrote a dynpro application to run on portal. Everything is ok with HTTP. But if we access same application via HTTPS it reaises exceptions.
So tried to enable SSL for ADS. But question is, during "Creating the SSL User Credentials" section, I gave exactly same values for "Key and Certificate Generation" popup as SSL Certificate.
Country Name: US
State/Province: Some State
Locality Name: Some City
Organization Name: Some Customer
Organization Unit Name: Some Purchasing Unit
Common Name: *.<domain>
Also tried to add PFX Certificate used J2EE SSL Enabling via "Select CA Key".
All the other steps are followed as guide.
But when i tried to access application exception is raised and within security log following messages appear;
<b>#1.5#0011258C36F90053000000740000017C00041489D14E57F1#1148482061593#/System/Security/SecureConnectionFactory#sap.com/com.sap.engine.services.webservices.tool#com.sap.security.core.server.https.SecureConnectionFactory#Guest#0####409ba5a0eb3411dab5050011258c36f9#SAPEngine_Application_Thread[impl:3]_14##0#0#Warning#1#com.sap.security.core.server.https.SecureConnectionFactory#Plain###Attempting to create outgoing ssl connection without trusted certificates#
#1.5#0011258C36F90053000000750000017C00041489D14EDC64#1148482061625#/System/Security/SecureConnectionFactory#sap.com/com.sap.engine.services.webservices.tool#com.sap.security.core.server.https.SecureConnectionFactory#Guest#0####409ba5a0eb3411dab5050011258c36f9#SAPEngine_Application_Thread[impl:3]_14##0#0#Warning#1#com.sap.security.core.server.https.SecureConnectionFactory#Plain###Attempting to create outgoing ssl connection without trusted certificates#
#1.5#0011258C36F9005D000000640000017C00041489D1F1D4A1#1148482072296#/System/Security/SecureConnectionFactory#sap.com/com.sap.engine.services.webservices.tool#com.sap.security.core.server.https.SecureConnectionFactory#Guest#0####47018680eb3411daa68e0011258c36f9#SAPEngine_Application_Thread[impl:3]_28##0#0#Warning#1#com.sap.security.core.server.https.SecureConnectionFactory#Plain###Attempting to create outgoing ssl connection without trusted certificates#
#1.5#0011258C36F9005E000000690000017C00041489D1F20CDF#1148482072312#/System/Security##com.sap.engine.services.security#Guest#0####4703f780eb3411dabce30011258c36f9#SAPEngine_Application_Thread[impl:3]_1##0#0#Warning#1#com.sap.engine.services.security#Plain#Obsolete options passed to ClientCertLoginModule. Please fix policy configurations!###
#1.5#0011258C36F9005E0000006A0000017C00041489D1F20DDC#1148482072312#/System/Security##com.sap.engine.services.security#Guest#0####4703f780eb3411dabce30011258c36f9#SAPEngine_Application_Thread[impl:3]_1##0#0#Info#1#com.sap.engine.services.security#Plain#No certificate provided.###
</b>
default.trace contains following error regarded to this action;
<b>#1.5#0011258C36F90051000000570000017C00041489C95BFEE4#1148481928265#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#sap.com/tcwddispwda#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#abilgen#156##temepdev_EPD_2848050#abilgen#e76f2010eb3311daabea0011258c36f9#SAPEngine_Application_Thread[impl:3]_11##0#0#Error##Plain###Processing HTTP request to servlet [dispatcher] finished with error. The error is: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Error during call to AdobeDocumentServer: Processing exception during a "Render" operation.
Request start time: Wed May 24 17:45:28 EEST 2006
com.adobe.ProcessingError: Unspecified error writing stream: <Render><Template><Name> "https://temepdev:50001/webdynpro/dispatcher/local/PDF_Yaratma/PDF_YaratmaApp/wd_keyh4Zpt9jZYSMW3rbDpbrYOw==/sapwebdynpro.xft;jsessionid=(J2EE2848000)ID1536692150DB10742250613064796742End;saplb_*=(J2EE2848000)2848050?sap.session.download=4&sap-wd-cltwndid=e76f2011eb3311daccf20011258c36f9&sap-wd-appwndid=Ide76f2011eb3311daccf20011258c36f912&sap-wd-norefresh=true :
java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
Exception Stack Trace:
com.adobe.ProcessingError: Unspecified error writing stream: <Render><Template><Name> "https://temepdev:50001/webdynpro/dispatcher/local/PDF_Yaratma/PDF_YaratmaApp/wd_keyh4Zpt9jZYSMW3rbDpbrYOw==/sapwebdynpro.xft;jsessionid=(J2EE2848000)ID1536692150DB10742250613064796742End;saplb_*=(J2EE2848000)2848050?sap.session.download=4&sap-wd-cltwndid=e76f2011eb3311daccf20011258c36f9&sap-wd-appwndid=Ide76f2011eb3311daccf20011258c36f912&sap-wd-norefresh=true :
java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
     at com.adobe.Render.execute(Unknown Source)
     at com.adobe.BaseADSRequest.doWork(Unknown Source)
     at com.adobe.AdobeDocumentServicesWorker.execute(Unknown Source)
     at com.adobe.AdobeDocumentServicesEJB.processRequest(Unknown Source)
     at com.adobe.AdobeDocumentServicesEJB.rpData(Unknown Source)
     at com.adobe.AdobeDocumentServicesLocalLocalObjectImpl0.rpData(AdobeDocumentServicesLocalLocalObjectImpl0.java:120)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at com.sap.engine.services.webservices.runtime.EJBImplementationContainer.invokeMethod(EJBImplementationContainer.java:126)
     at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:157)
     at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:79)
     at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:92)
     at SoapServlet.doPost(SoapServlet.java:51)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
     at com.sap.tc.webdynpro.clientserver.adobe.AdobeFormHelper.createPDFDocumentForUIElement(AdobeFormHelper.java:486)
     at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:185)
     at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.afterHandleActionEvent(ClientApplication.java:1174)
     at com.sap.tc.webdynpro.clientserver.task.WebDynproMainTask.handleActionEvent(WebDynproMainTask.java:407)
     at com.sap.tc.webdynpro.clientserver.task.WebDynproMainTask.execute(WebDynproMainTask.java:659)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:59)
     at com.sap.tc.webdynpro.clientserver.cal.ClientManager.doProcessing(ClientManager.java:251)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doWebDynproProcessing(DispatcherServlet.java:154)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:116)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:55)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.5#0011258C36F90051000000590000017C00041489C95C063B#1148481928265#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/tcwddispwda#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#abilgen#156##temepdev_EPD_2848050#abilgen#e76f2010eb3311daabea0011258c36f9#SAPEngine_Application_Thread[impl:3]_11##0#0#Error#1#/System/Server/WebRequests#Plain###Processing HTTP request to servlet [dispatcher] finished with error.
The error is: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Error during call to AdobeDocumentServer: Processing exception during a "Render" operation.
Request start time: Wed May 24 17:45:28 EEST 2006
com.adobe.ProcessingError: Unspecified error writing stream: <Render><Template><Name> "https://temepdev:50001/webdynpro/dispatcher/local/PDF_Yaratma/PDF_YaratmaApp/wd_keyh4Zpt9jZYSMW3rbDpbrYOw==/sapwebdynpro.xft;jsessionid=(J2EE2848000)ID1536692150DB10742250613064796742End;saplb_*=(J2EE2848000)2848050?sap.session.download=4&sap-wd-cltwndid=e76f2011eb3311daccf20011258c36f9&sap-wd-appwndid=Ide76f2011eb3311daccf20011258c36f912&sap-wd-norefresh=true :
java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
Exception Stack Trace:
com.adobe.ProcessingError: Unspecified error writing stream: <Render><Template><Name> "https://temepdev:50001/webdynpro/dispatcher/local/PDF_Yaratma/PDF_YaratmaApp/wd_keyh4Zpt9jZYSMW3rbDpbrYOw==/sapwebdynpro.xft;jsessionid=(J2EE2848000)ID1536692150DB10742250613064796742End;saplb_*=(J2EE2848000)2848050?sap.session.download=4&sap-wd-cltwndid=e76f2011eb3311daccf20011258c36f9&sap-wd-appwndid=Ide76f2011eb3311daccf20011258c36f912&sap-wd-norefresh=true :
java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
     at com.adobe.Render.execute(Unknown Source)
     at com.adobe.BaseADSRequest.doWork(Unknown Source)
     at com.adobe.AdobeDocumentServicesWorker.execute(Unknown Source)
     at com.adobe.AdobeDocumentServicesEJB.processRequest(Unknown Source)
     at com.adobe.AdobeDocumentServicesEJB.rpData(Unknown Source)
     at com.adobe.AdobeDocumentServicesLocalLocalObjectImpl0.rpData(AdobeDocumentServicesLocalLocalObjectImpl0.java:120)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at com.sap.engine.services.webservices.runtime.EJBImplementationContainer.invokeMethod(EJBImplementationContainer.java:126)
     at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:157)
     at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:79)
     at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:92)
     at SoapServlet.doPost(SoapServlet.java:51)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
</b>

It was simple. I did some debug and realised the fact.
"Processing exception during a "Render" operation.#Request start time: Fri Jun 30 16:53:04 PDT 2006#com.adobe.ProcessingError: Failed to create a <Render> XML Form Module. Please ensure#that the XML Form Module service is running:#com.adobe.FailedCreationE"
Just go to the Visual administrator and start the XML Form Module Service.

WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

Similar Messages

Maybe you are looking for