Web cache and SSL certificates

We just installed Oracle9iAs 9.0.2.3 on 2 separate machines. All the components have been set up to use SSL and HTTPS protocol and are working fine.
On the mid-tier server we are having a problem where the web cache is throwing up the network error page every time the mid-tier apache home page is invoked or Portal home page is invoked. After a few refreshes the page is ultimately displayed.
I was told that we need a real valid certificate to avoid this issue between web-cache and apache server.
Has anyone created self-signed certificates for their test machines apache server?? What software or method was used to create self-signed valid certificates for test purpose?

Whenever I try to go to the portal home page The web cache is simply displaying the default network error apology page, which says, 'No response from the Application server' in big red. I have to refresh the page a few times to display the portal home page. And this happens a few times when I am browsing through the portal pages too.

Similar Messages

  • IE browser and Web Cache and SSL - Internet Explorer cannot display the web page

    When using IE8, IE9, or IE10 with Web Cache and SSL certain pages which display a lot of data returns the error - "Internet Explorer cannot display the web page."
    if we eliminate SSL but continue to use Web Cache, the error does *not* reproduce & If we eliminate Web Cache altogether the error again does *not* reproduce.  The error is only reproducible when we use SSL with Web Cache and if we use IE and we access *large* pages. The error is not reproducible with Firefox or Chrome. This is a Web Tier 11.1.1.7 installation with WebLogic 10.3.6 & Red Hat Enterprise 5 Linux x86-64
    Event_log shows below errors.
    [2013-06-13T16:34:35-04:00] [webcache] [NOTIFICATION:1] [WXE-09002] [logging] [ecid: ] Generated by Oracle Web Cache on Thu Jun 13 16:34:35 2013 - Build 11.1.1.7.0 130113.0721
    [2013-06-13T16:34:36-04:00] [webcache] [NOTIFICATION:1] [WXE-08513] [logging] [ecid: ] Cache server process ID 4469 is starting up.
    [2013-06-13T16:34:36-04:00] [webcache] [NOTIFICATION:1] [WXE-09612] [main] [ecid: ] Oracle Web Cache 11g (11.1.1.6), Build 11.1.1.7.0 130113.0721
    [2013-06-13T16:34:37-04:00] [webcache] [NOTIFICATION:1] [WXE-13002] [config] [ecid: ] Maximum allowed incoming connections are 1000
    [2013-06-13T16:35:00-04:00] [webcache] [NOTIFICATION:1] [WXE-09441] [stats] [ecid: ] DMS enabled
    [2013-06-13T16:35:28-04:00] [webcache] [NOTIFICATION:1] [WXE-12209] [cluster] [ecid: ] A 1 node cluster successfully initialized
    [2013-06-13T16:35:29-04:00] [webcache] [NOTIFICATION:1] [WXE-09614] [main] [ecid: ] The following Oracle Web Cache internal files are pre-populated to the cache: [[
            /nssb-p.adm.fit.edu:7785/_oracle_http_server_webcache_static_.html
            /nssb-p.adm.fit.edu:4448/_oracle_http_server_webcache_static_.html
    [2013-06-13T16:35:29-04:00] [webcache] [NOTIFICATION:1] [WXE-09614] [main] [ecid: ]  [[
    The following Oracle Web Cache internal files are pre-populated to the cache: [[
            /nssb-p.adm.fit.edu:7785/_oracle_http_server_webcache_checkserviceavailability_.html
            /nssb-p.adm.fit.edu:4448/_oracle_http_server_webcache_checkserviceavailability_.html
    [2013-06-13T16:35:29-04:00] [webcache] [NOTIFICATION:1] [WXE-09608] [main] [ecid: ] The cache server process started successfully.
    [2013-06-13T16:35:29-04:00] [webcache] [WARNING:1] [WXE-12104] [utl] [ecid: ] Oracle Web Cache process has page faulted
    [2013-06-13T16:44:22-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-29049
    [2013-06-13T16:44:22-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: The record type is unknown.
    [2013-06-13T16:44:22-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Remote IP [163.118.22.16]:55145
    [2013-06-13T16:44:22-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Local IP 163.118.170.70:4448
    [2013-06-13T16:44:22-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: SSL error during handshake (details: internal=The record type is unknown. system=Success)
    [2013-06-13T16:44:27-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-29049
    [2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: The record type is unknown.
    [2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Remote IP [163.118.22.16]:55144
    [2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Local IP 163.118.170.70:4448
    [2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: SSL error during handshake (details: internal=The record type is unknown. system=Success)
    [2013-06-13T16:44:27-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-29049
    [2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: The record type is unknown.
    [2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Remote IP [163.118.22.16]:55148
    [2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Local IP 163.118.170.70:4448
    [2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: SSL error during handshake (details: internal=The record type is unknown. system=Success)
    [2013-06-13T16:44:35-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-28864
    [2013-06-13T16:44:35-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-28864
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:45:18-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:45:18-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:45:22-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-28864
    [2013-06-13T16:45:22-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-28864
    [2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    [2013-06-13T16:45:41-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
    [2013-06-13T16:45:41-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
    Any help or suggestions are greatly appreciated
    Tnx a lot,
    Lokesh

    Hello ,
    Try Below Workarounds:
    Workaround 1:
    Open Central Admin
    àApplication Management  à
    Configure Alternate access mapping-->Edit your web application zone and add your server name in Intranet zone. So default can be serverIP and intranet could be servername.
    Workaround 2:
    Might be there is some issue with DNS and try to check that WebApplication is pointing to correct IP or not.  
    Also try to access your Sharepoint site using ip Address .. If you still gets error Kindly share the logs .. 
    Best
    Regards Kuldeep Verma
    Please remember to click "Mark As Answer"
    if a post solves your problem or "Vote As Helpful" if it was useful.

  • Importing external web service with SSL certificate security

    Hello,
    I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      [Error: com.sap.ide.es.core.ui.internal.wizards.fragments  Thread[ModalContext,6,main]]
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
              at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
              at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
              at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
              at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
              at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
              at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
              at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
              at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
              at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
              at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
              at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
              at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
              at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
              at sun.security.validator.Validator.validate(Validator.java:218)
              at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
              at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
              at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
              ... 15 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
              at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
              at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
              ... 21 more
    Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
    Cheers!

    Hi Alain,
    I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
    You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info

  • Sample app: Web Cache and ESI

    Download a new sample application and learn how to deliver dynamic, personalized content faster with Oracle9iAS Web Cache and Edge Side Includes (ESI). Oracle9iAS Web Cache and ESI can also accelerate the performance of e-business applications and boost productivity of employee-facing applications across an intranet.
    Regards,
    -rh

    The source code and docs have been updated.

  • Office Web Apps Server SSL Certificate

    Hi
    I am deploying Office Web App Server for Integration with Lync 2013. I opted for secure communication with SSL Certificate. I want this server available to internal and external users.
    I am little confused over CA for Issuance of SSL Certificate. On most of the forums, I found SSL Certificate to be issued by Internal CA. If so, will this also work for external users?
    If not, then plz guide me for Generating Certificate Request on Office Web App Server to be submitted to External CA for Issuance of Certificate.
    Regards.

    Hi,
    Thanks for your posting in this forum.
    I have moved this thread in Lync Server 2013-Management, Planning, and Deployment forum for more dedicated support.
    Thanks for your understanding.
    Best Regards,
    Wendy
    Wendy Li
    TechNet Community Support

  • Securing file download with standard web security and ssl

    Hi,
    I want to put some files for download in my webapp. At the same time, I want to protect these files using standard servlet security and ssl. So I added <security-constraint> in my web.xml and configured tomcat to allow SSL connection. Now I got the files protected as I expected. When I try to access the file directly from browser, tomcat shows me the login page. However, after correct login, I.E. pops up an error saying something like "Internet Explorer cannot download XXX from XXX. The file could not be written to the cache.". The log file showed the following exception:
    javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset by peer: socket write error
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
         at com.sun.net.ssl.internal.ssl.AppInputStream.available(AppInputStream.java:40)
         at org.apache.tomcat.util.net.TcpConnection.shutdownInput(TcpConnection.java:90)
         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:752)
         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
         at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
         at java.lang.Thread.run(Thread.java:595)
    Caused by: javax.net.ssl.SSLException: java.net.SocketException: Connection reset by peer: socket write error
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1407)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
         at org.apache.coyote.http11.InternalOutputBuffer.realWriteBytes(InternalOutputBuffer.java:747)
         at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:403)
         at org.apache.coyote.http11.InternalOutputBuffer.endRequest(InternalOutputBuffer.java:400)
         at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:961)
         at org.apache.coyote.Response.action(Response.java:182)
         at org.apache.coyote.Response.finish(Response.java:304)
         at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:281)
         at org.apache.catalina.connector.Response.finishResponse(Response.java:473)
         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
         ... 4 more
    Caused by: java.net.SocketException: Connection reset by peer: socket write error
         at java.net.SocketOutputStream.socketWrite0(Native Method)
         at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
         at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
         at com.sun.net.ssl.internal.ssl.OutputRecord.writeBuffer(OutputRecord.java:283)
         at com.sun.net.ssl.internal.ssl.OutputRecord.write(OutputRecord.java:272)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:663)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
         ... 15 more
    I've tried separating concerns, for example protect files but not require SSL, and enable SSL but do not protect files. Both works respectively but not together. I also tried using a download4j's DownloadServlet. Still doesn't work.
    Have any of you encouter the same situation? If so, could you enlight me what I did wrong? It maybe just a simple SSL configuration or something. Thanks in advance!
    Jack

    My environment setup is:
    JDK 1.5.01
    Tomcat 5.5.7
    For downloading files, I just use plain old <a href> method. I simply right-click the link and choose "save target as...".
    Thanks,
    Jack

  • Java Web Start and SSL

    I have an AP designed as a Java Web Start program,
    and I want it to connect to a web service via SSL.
    I know how to do that in a normal AP. Just add a property like :
    System.setProperty("javax.net.ssl.trustStore","my.keystore");
    But since a JAWS program is downloaded from server, and don't have a my.keystore on local file system. I can't set a property that way. Is anyone know how to deal with this?
    Can a signed jar file help?
    Thanx in advance.

    We had the same problem. There's basically two ways around this. One is extremely easy and the other is a pain.
    easy: Use a CA certificate on the web server (Verisign, thawte etc.). All java applications already have a keystore (cacerts) that recognizes
    these CAs. This keystore will be used when the cert on the server is a CA. Only drawback - $250 or so for the cert.
    painful: Programmatically extract your personal certificate keystore from the deployed client jar. Also programmatically apply it to your SSL handler. Basically - you have to code what's done in a regular App simply by "javax.net.truststore=keyfile". I didn't explore this option
    too much as the easy option was viable.

  • SAP Web Dispatcher Configuration (SSL, certificates)

    Hi all,
    We're trying to configure the SAP Web Dispatcher for the use of SSL (terminated) and client authentication using x.509 certificates. All works (almost)fine. However, there's some strange behavior that I can not explain.
    The following access point have been specified in the profile:
    Description of the Access Points
    icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
    icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
    icm/HTTPS/verify_client = 2
    Basicly we only need users to access the web dispatcher using SSL. However, when I remove the line: icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
    The Web Dispatcher returns an error upon accessing it using HTTPS:
    Dispatching Error
    Error: -26
    Version: 6040
    Component: HTTP_ROUTE
    Date/Time: Tue Mar 14 07:19:38 2006 
    Module: http_route.c
    Line: 2383
    Server: sapvm1_DVS_26
    Detail: no valid destination server available for '!ALL' rc=13
    Any help would be highly appreciated. Thanks!
    Frodo

    Hi KS,
    Maybe you were right afterall I found a nice How to on the servce.sap.com (https://websmp203.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000073632&_SCENARIO=01100035870000000202) and it seems you do have to add the HTTP server_port parameter in case SSL is being terminated (no re-encryption).
    icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
    icm/server_port_1 = PROT=HTTP, PORT=0, TIMEOUT=15
    However, the trick is to set the port to zero (0), that way you can still only access the Web Dispatcher via HTTPS.
    All is working now.
    Frodo

  • Mail for Exchange and SSL certificate

    I have a little problem with Mail For Exchange and my Nokia N80. I have self-signed certificate for Exchange mailserver and when I am synchronizing e-mails I got always message: "The site has sent an untrusted certificate. Continue anyway ?". I underestand that my certificate isn't verified by any root authority, but if I have synchronization schedule set at 15 minutes it means I have to confirm this message four times when I am not with my mobile one hour. So question is:
    Is possible to import self-signed SSL certificate into Nokia N80 and set it as trusted ? If yes, please describe me how, because I have tried import the certificate as CER (it was opened just as NOTE on Nokia), I tried to convert it via openssl to PEM (the file was not recognized) etc... Thanks for any help in advance.
    Reply With Quote

    Go to your outlook web access website and click on the lock and then view certificate. The details and then you can save it in DER format to your desktop.
    Then go to this site:
    http://www.redelijkheid.com/symcaimport/ and insert through the browse button and then copy the link to your phone.
    Then you should be able to download it
    You can also go to your IIS default site on the exchange server and directory security and export your certificate under edit certificate.
    I have tried everything now. I can download my certificate and the valicert from GoDaddy, but the Nokia phone is still saying "do you trust this certificate" every time the phone syncs.
    Our firm have taken the E-phones away now and went over to windows mobile and all of them worked within 10 minutes without any errors.
    The funny thing is that when you try to call nokia, they wont help you with Mail for Exchange, and it is there program
    I know my GoDaddy certificate works on windows mobile phones, so It must be something with Mail for Exchange.
    Every guy I talked to about symbian phones have told me they always gives problems with SSL. I am a bit **bleep**, but can conclude that Nokia is for the private consumer.
    Best Regards
    Morten @ Denmark
    Message Edited by asp3200 on 02-May-2008 08:37 AM

  • RPC Style Web Service and SSL

    Hi,
    Has anyone tried (and maybe succeeded) in accessing an
    RPC-style Web Service deployed on WebLogic Server 6.1 using
    SSL? I have a Web Service deployed and am able to access it using JNDI and the
    weblogic.soap.http.SoapInitialContextFactory
    INITIAL_CONTEXT_FACTORY. However, when I try to set the
    Context.SECURITY_PROTOCOL to "ssl" and access the secure port,
    I get a "java.net.SocketException: Unexpected end of file from
    the server" error message.
    Does the weblogic.soap.http.SoapInitialContextFactory not
    support SSL? Do I need to do the SOAP/XML messaging myself,
    without being able to make use of the WebLogic convenience
    classes? Thanks! Rob

    Alright!
    Glad you got it working ;-)
    Actually, the problem with the protocol being hardcoded to http in the wsdl.jsp,
    is a bit strange. It's unusual that the BEA engineers that coded the wsgen component
    and support classes, didn't use something like the following:
    <soap:address location="<%= request.getScheme() + "://" + request.getServerName()
    + ":" + request.getServerPort() %>/security/examples/webservices/security/PhoneBookService"/>
    I don't use wsgen too much, because I need to have more control over the J2EE
    packaging. It (wsgen) is great for spitting out stuff, but not really setup for
    doing Web service packaging that use classes (i.e. helper files, frameworks, etc.)
    that it doesn't generate. I think they (BEA) might be looking into integrating
    the Web Services assembly process with other tools like WebGain, Forte, etc. to
    alleviate these types of issues.
    Anyway, glad you got it working, so now you can help somebody else (time permitting,
    of course) with this topic in the future!
    Regards,
    Mike Wooten
    "Rob Nelson" <[email protected]> wrote:
    >
    Mike,
    Thank you very much for your response! The next to
    last sentence did it for me (when you mentioned checking
    that the location attribute of the soap:address element
    was set properly)! I noticed that when I viewed the WSDL
    file via the browser (by clicking on the link in the
    index.html page), I saw http://host:<unsecure_port> when
    I requested it over the unsecure port, but I saw
    http://host:<secure_port> when I requested the WSDL over
    the secure port. Notice it did not say https!
    So, I unjarred the EAR file that was generated by my
    wsgen task, and then unjarred the generated WAR file
    contained therein. When I looked at wsdl.jsp, I noticed
    that "http" was hard-coded in the location attribute, but
    that the host name and port number were dynamically
    generated. So I added a scriplet to dynamically place an
    "s" after "http" (if request.isSecure()) and rejarred up
    the WAR and EAR files.
    Now when I deployed the EAR file, I see "https" when
    I request the WSDL over the secure port, and my client
    (actually your client;) works! Awesome! I really appreciate
    your help! Now my only issue is why did the wsdl.jsp have
    "http" hard-coded, not accounting for secure requests.
    These files were generated by the WSGEN task in ANT.
    I figure it's either: I have a configuration problem,
    I have a problem with my ANT build script, my version of
    WebLogic Server (6.1 w/SP1 built 9/18/2001) has a bug, or
    maybe you just have to manually go in and modify the wsdl.jsp
    file if you want to use https :(. Please let me know if
    you have any insight on this, and I will also follow up
    with WebLogic support. Thanks again! Rob
    "Michael Wooten" <[email protected]> wrote:
    Hi Rob,
    I am absolutely sure the code I posted works, so we need to approach
    this from
    a different angle ;-)
    First, I know why the Context.SECURITY_PROTOCOL approach doesn't works.
    It's because
    the namespace in the Web Services code examples is not the same oneas
    the one
    used for RMI objects, EJBs, JDBC Data Sources, etc. For those objects,
    the Context.PROVIDER_URL
    is something like "t3://localhost:7001", and the INITIAL_CONTEXT_FACTORY
    is "weblogic.jndi.WLInitialContextFactory".
    The one being used with WebLogic Web Services, is mainly just functioning
    as a
    mechanism for manufacturing WebServiceProxy objects, because it is a
    non-instanciable!
    It does this by using a subclass of javax.naming.Context called SOAPContext,
    which
    is completely hidden from you, but also doesn't do much except implement
    the lookup()
    method. The implementation of this method ignores the Context.SECURITY_URL
    property,
    but it does pay attention to the "java.naming.security.principal" and
    "java.naming.security.credentials"
    properties. You don't need these properties for SSL, just Basic Authentication.
    Enough about that, though. The service end-point is a servlet right?
    So this means
    it has a URL that begins with http or https, which in turn means the
    WebLogic
    servlet engine gets the SOAP request and sends it to the StatelessSessionAdapter
    servlet. To WLS, this is just like any other HTTP/HTTPS request sent
    to it ;-)
    There is no special "SOAP-related" HTTP/HTTPS handler in WLS, but the
    SSL challenge
    dance still happens. So my first question is, are you sure you havethe
    HTTPS
    attributes set properly in the WebLogic console. SSL/HTTPS should be
    enabled and
    the "Hostname Verification Ignored" checkbox should be checked. Next,
    are you
    sure the URL assigned to the location attribute of the <service> element
    in the
    WSDL is correct (i.e. https://localhost:7002)? Are you using the "dynamic
    client"
    approach?
    Regards,
    Mike Wooten
    "Rob Nelson" <[email protected]> wrote:
    Mike,
    Thanks for your response. I downloaded the code example that
    you
    posted
    last week, as well as the code example that you posted in October for
    a similar
    request (BEA Support pointed me towards that). Unfortunately, I still
    can't get
    the Web Service to respond to the client request when the client uses
    the HTTPS
    port for the WebLogic Server.
    I tried two different client approaches. The first uses the client
    code
    that you posted in October, the WebServiceProxy approach. The second
    approach
    is based on the example in the WebLogic documentation, which uses the
    weblogic.soap.SoapInitialContextFactory
    class with the javax.naming.Context object to perform a lookup on the
    service
    (which closely resembles rmi without the narrowing).
    Both client classes fail to invoke the the service itself viaHTTPS
    (although
    they both work when making HTTP requests to the unsecure port). However,
    when
    I run the client based on the client class that you posted in October
    and make
    an HTTPS request, I can see in the output where it is able to download
    the WSDL
    file and use it (via the WebServiceProxy) to describe the availablemethods
    for
    the associated Web Service. It is only when the actual invoke() method
    is called
    on the SoapMethod object (which in turn sends the XML request to the
    Web Service
    Servlet), that the server doesn't respond, and the client fails with
    an UnexpectedEndOfFileException
    (i.e. no response).
    So, do you know why the servlet that the RPC-style Web Serviceuses
    to handle
    requests would not respond to HTTPS requests, when it processes HTTP
    requests
    without a problem (using the same client code that fails with the HTTPS
    request)?
    I am using WebLogic Server 6.1 w/SP1 on a Solaris 8 platform. Thanks
    for any
    advice you can give me! Rob
    "Michael Wooten" <[email protected]> wrote:
    Hi Rob,
    Check out the attached zip for "insights" into how to do this. It
    contains
    the
    code for two Web service "consumers" (that the new fangled word fora
    "client")
    and the web.xml and weblogic.xml for the RPC-style Web Service, that
    they consume.
    Hope this helps,
    Mike Wooten
    "Rob Nelson" <[email protected]> wrote:
    Hi,
    Has anyone tried (and maybe succeeded) in accessing an
    RPC-style Web Service deployed on WebLogic Server 6.1 using
    SSL? I have a Web Service deployed and am able to access it using
    JNDI
    and the
    weblogic.soap.http.SoapInitialContextFactory
    INITIAL_CONTEXT_FACTORY. However, when I try to set the
    Context.SECURITY_PROTOCOL to "ssl" and access the secure port,
    I get a "java.net.SocketException: Unexpected end of file from
    the server" error message.
    Does the weblogic.soap.http.SoapInitialContextFactory not
    support SSL? Do I need to do the SOAP/XML messaging myself,
    without being able to make use of the WebLogic convenience
    classes? Thanks! Rob

  • Web Dispatcher and SSL

    Dear All,
    I've configured Web Dispatcher with SSL. When I run command "sapwebdisp pf=sapwebdisp.pfl", my HTTPS service could not be started. It gives me error "WARNING: Could not start service 60000 for protocol HTTPS on host "myserver" (on all adapters)".
    Any idea?
    BTW, my SAP Web Dispatcher is up and running.
    Rgds,
    Hapizorr

    HI Koti Reddy,
    Below is the log from dev_webdisp. Any iddea?
    trc file: "dev_webdisp", trc level: 1, release: "700"
    sysno      00
    sid       
    systemid   562 (PC with Windows NT)
    relno      7000
    patchlevel 0
    patchno    110
    intno      20050900
    make:      multithreaded, ASCII, 64 bit, optimized
    pid        2892
    [Thr 2800] started security log to file dev_icm_sec
    [Thr 2800] SAP Web Dispatcher running on: psahrmswd
    [Thr 2800] MtxInit: 30001 0 2
    [Thr 2800] IcmInit: listening to admin port: 65000
    [Thr 2188] *** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do not trust any intermediary
    X.509 cert data will be removed from header [http_plgrt.c 670]
    [Thr 2188] *** WARNING => HttpAdmHandlerInit: archive ./wdispadmin.SAR does not exist [http_adm.cpp 286]
    [Thr 2188] *** WARNING => HttpAdmHandlerInit: archive ./wdispadmin.SAR does not exist - nothing extracted [http_adm.cpp 301]
    [Thr 2188] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=0, flags=4101) for /sap/wdisp/admin:0
    [Thr 2188] CsiInit(): Initializing the Content Scan Interface
    [Thr 2188]            PC with Windows NT (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
    [Thr 2188] CsiInit(): CSA_LIB = ".\sapcsa.dll"
    [Thr 2188] *** ERROR => DlLoadLib: LoadLibrary(.\sapcsa.dll) Error 126 [dlnt.c       237]
    [Thr 2188]         Error 126 = "The specified module could not be found."
    [Thr 2188] *** ERROR => HttpAuthHandlerInit: url: / -> failed -> content filter deactivated [http_auth.c  300]
    [Thr 2188] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=1, flags=12293) for /:0
    [Thr 2188] HttpSubHandlerAdd: Added handler HttpWebDispHandler(slot=2, flags=28677) for /:0
    [Thr 2188] =================================================
    [Thr 2188] = SSL Initialization  on  PC with Windows NT
    [Thr 2188] =   (700_REL,May 21 2007,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
    [Thr 2188]   SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "U:\secudir\sec\sapcrypto.dll"
               resulting Filename = "U:\secudir\sec\sapcrypto.dll"
    [Thr 2188]   SapISSLComposeFilename(): profile param "ssl/server_pse" = "U:\secudir\sec\SAPSSL.pse"
               resulting Filename = "U:\secudir\sec\SAPSSL.pse"
    [Thr 2188] =   found SAPCRYPTOLIB  5.5.5C pl24  (Jun 11 2008) MT-safe
    [Thr 2188] =   current UserID: PSAHRMSWD\Administrator
    [Thr 2188] =   found SECUDIR environment variable
    [Thr 2188] =   using SECUDIR=U:\secudir\sec
    [Thr 2188] *** ERROR =>   secudessl_Create_SSL_CTX():  PSE "U:\secudir\sec\SAPSSL.pse" not found! [ssslsecu.c   1296]
    [Thr 2188] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
      secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
    [Thr 2188] >> -
    Begin of Secude-SSL Errorstack -
    >>
    [Thr 2188] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
    ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
    ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
    ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
    ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
    [Thr 2188] << -
    End of Secude-SSL Errorstack -
    [Thr 2188] *** ERROR => Initialization of SSL library failed -- NO SSL available!
    [Thr 2188] =================================================
    [Thr 2188] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
    [Thr 2188] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c   319]
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 0
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 1
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 2
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 3
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 4
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 5
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 6
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 7
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 8
    [Thr 2800] IcmCreateWorkerThreads: created worker thread 9
    [Thr 2832] IcmWatchDogThread: watchdog started

  • Web Server and SSL not Working

    I am having a lot of difficulty with Lion Server.
    I finally managed to get OD and DNS to work.
    My hostname ends with .private.
    When I try to access the web page from within my network I get the following message:
    "Index of /
    Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 Server at xxxxxxxxx.private Port 443"
    I have not activated SSL in OD and it is not configured in server.
    When I try to activate SSL for Web Server and try to access the web page, I get the message that it cannot connect to the server.
    Any ideas?

    .Mac email can be set up two different ways on the iPhone. For "Send to Web Gallery" button to appear when clicking on the action button while viewing a photo, you must have your .Mac email set up as IMAP. This is the default setup for a .Mac email account.
    If you take the time to manually set up your .Mac email as POP, then you will not have the "Send to Web Gallery" option and you will be unable to successfully email into your web gallery even if all else is set up correctly.
    To check to see how you have .Mac email set up on your iPhone, go to the Home Screen, tap Settings, tap Mail, tap your .Mac account name, tap Advanced, move down on the page, and make sure you see "IMAP Path Prefix" setting (it can be blank and does not need to be changed). If the "IMAP Path Prefix" is there, then you do indeed have your .Mac email set up as IMAP on your iPhone.
    If you do have it set up as a POP account, you can delete that mail account by selecting the red Delete Account button when viewing your email account as listed in Settings.
    To add your .Mac email account as an IMAP account, from the Home Screen, tap Settings, tap Mail, tap Add Account..., tap .Mac, and fill out the fields with your information, tap Save and it will verify access to your .Mac email account.

  • Web Cache and cookies - need to understand a bit more!

    FROM THE ORACLES DOCS
    If a document contains a cookie, then Oracle Web Cache evaluates the cookie value of the browser request and application Web server response. If the values match and there is a corresponding cacheability rule, then Oracle Web Cache caches the response. Because a session value change does not necessarily indicate a change of state on the application Web servers, session cookie values are not evaluated. For documents that use these cookies, the response is cached, regardless of whether or not the cookie values match.
    OK so does this mean that if I have a site that has a single persistent cookie that say contains the username and the cookie is global over the site i.e. its set for the root "/" then inheritently WebCache cannot cache any page on this site even if the cacheability rule make no mention of cookies as the request and response cookie will be different ie user "bill" goes for first page and WC caches it then user "larry" asks for a page and becuase the request cookie is "larry" and the response is "bill" then it wont cache it even though this particular pages content may make no use of the cookie value.
    Also does it mean that if I have a session cookie say for "authenticated" even if I have expressed that the cookie be used to cache different version of the page its no use WebCache will ignore it and simply cache one version for all even though this particular page maybe be different for authenticated and non authenticated users.
    Sorry but its not clear just how WC works with cookies.
    Thanks for any assistance
    Rob

    I asked one of the developers about this and here is the
    response:
    "I think he was not clear on 2 points:
    1) we do not store any "Set-Cookie" header from the response.
    all such headers are stripped when the document is inserted;
    2) cookie comparison is only performed when we receive a response
    from the os. On cache hits, no such comparison happens -- we
    don't have anything to compare against as the cached documents
    never contain any Set-Cookie headers
    So in his example, after the response to Bill's request gets
    cached (it's cached only when the non-session cookies in his
    request and response match), Larry's request for the same URL
    will get the cached document WITHOUT the "Set-Cookie" header. So
    Larry gets a cache hit and his cookie will not get overwritten by
    Bill's.
    Now in 9.0 (the upcoming release), the cookie value comparison
    only happens for multiversion cookies. So we are relaxing a bit
    in that sense and will cache more documents than before.
    As for his second part of the question (the authentication cookie
    part), I'm not sure what exactly is the application behavior. Do
    only authenticated users have the session cookie? If that's the
    case, then, he can define a session caching rule to say "cache
    with session, and cache without session, and the 2 versions are
    different" (3 YES' on the 3 session definition questions). Then
    we'll cache a version for the authenticated users (with session)
    regardless of the session value, and another version for the
    non-authenticated users(without session).
    If, however, both authenticated and non-authenticated users have
    the same session cookies with different values, and all
    authenticated users map to one version of the doc and all
    non-authenticated users map to another, then Web Cache can't
    currently handle this. This is basically a multiversion cookie
    rule, with some grouping of cookie values, which we don't support
    yet."

  • SA540 and SSL certificate from DigiCert

    Has anyone succeeded in installing a SSL certificate from DigiCert on a SA540 router?
    The SSL certifcate is a wildcard variant (*.example.com).

    Hello Mr. ivar,
    In order to get a new SSL certificate please follow the next instructions:
    STEP 1 : Click Administration > Authentication.
    The Authentication (Certificates) window opens.
    STEP 2 For each type of certificate, perform the following actions, as needed:
    • To add a certificate, click Upload. You can upload the certificate from the PC or the USB device. Click Browse, find and select the certificate, and then
    click Upload.
    • To delete a certificate, check the box to select the certificate, and then click
    Delete.
    • To download the router’s certificate (.pem file), click the Download button under the Download Settings area.
    STEP 3 To request a certificate from the CA, click Generate CSR.
    The Generate Certification Signing Request window opens.
    a. Enter the distinguished name information in the Generate Self Certificate
    Request fields.
    • Name: Unique name used to identify a certificate.
    • Subject: Name of the certificate holder (owner). The subject field populates the CN (Common Name) entry of the generated certificate and can contain these fields:
    - CN=Common Name
    - O=Organization
    - OU=Organizational unit
    - L= Locality
    - ST= State
    - C=Country
    For example: CN=router1, OU=my_dept, O=my_company, L=SFO, C=US
    Whatever  name you choose will appear in the subject line of the generated CSR.  To include more than one subject field, enter each subject separated by a  comma. For example: CN=hostname.domain.com, ST=CA, C=USA
    • Hash Algorithm: Algorithm used by the certificate. Choose between MD5 and SHA-1
    •Signature Algorithm: Algorithm (RSA) used to sign the certificate.
    • Signature Key Length: Length of the signature, either 512 or 1024.
    • (Optional) IP Address, Domain Name, and Email Address
    b. Click Generate.
    A  new certificate request is created and added to the Certification  Signing Request (CSR) table. To view the request, click the View button  next to the certificate you just created.
    Or you could check it on the next link. please check page 191
    http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911404.pdf
    If this answer was satisfactory for you, please mark the question as Answered.
    Diego Rodriguez
    Cisco network engineer
    Thank you

  • Oracle Web Cache and OBIEE 11g

    Anyone using Oracle Web Cache with OBIEE 11g?
    Can I get an insight into whether this solution is beneficial? Or I shouldn't even bother.

    No iam not using oracle web cache
    Can I get an insight into whether this solution is beneficial? Or I shouldn't even bother.I dont have idea about it,but i think its not beneficial ,anyways there is OBIEE cache that is more than sufficient.
    hope answered your question.
    Cheers,
    KK

Maybe you are looking for

  • How to export data from MS Project 2010 to MS Excel 2010 with formatting

    I have created a Project 2010 export map to Excel 2010.  It works fine.  I have two questions that I cannot determine an answer.  I'm not sure if its a project or excel setting.  I have spend hours trying to make it work with little success. 1.  When

  • Account detrmination BSX

    Hi I'm getting this error in MIGo "Account determination for entry COA BSX ____ ___ 7900not possible. For BSX - val mod , val class(7900) and Gl account has been maintained. Thank you

  • Help needed regarding iMac G3 model..

    I need scripts of following modem: V90 V92 Can anyone please help me on this..??

  • HP 8530w - SSD not detected

    Hello, Recently I managed to get an SSD from work, namely the A-Data S596 (500 SERIES). When putting it into my HP Elitebook 8530w, the disk was not detected. I have already upgraded the BIOS to the newest version. The SSD's firmware has also recentl

  • Moving Large Safari Bookmarks Folder

    Anyone else with this problem. Using Safari on Mavericks. Trying to use Safari > Bookmarks > Edit Bookmarks to move a large folder to new location in my Bookmarks Menu folder. I don't have a problem moving smallish folders. But, when I try to move th