Webservice with SSL Certificate givivg error

Similar Messages

• Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL

  I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
  Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either
  So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
  When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https so there shouldn't have been any need to deal with SSL certificates at all
  I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
  A) We're at version 11 ---- these kinds of issues should have been fixed years ago
  B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!

  Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
  My tests seem to show that
  (a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
  (b) if a dialog is at a higher level, this is a global setting.
  So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back.  So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window).

• Importing external web service with SSL certificate security

  Hello,
  I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      [Error: com.sap.ide.es.core.ui.internal.wizards.fragments  Thread[ModalContext,6,main]]
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
            at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
            at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
            ... 15 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
            ... 21 more
  Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
  Cheers!

  Hi Alain,
  I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
  You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info

• Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

  Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

  Hi, William
  My question is if you can help me and support me to configure the Blink Pro App, I have a Mac Book Air, OS X 10.9.1.
  hope for your answer

• REDUNDANT ACE 20 WITH SSL CERTIFICATE

  Hi
  I have an ACE 20 redundant infrastructure (Active-Standby),and  it´s needed to implement a secure aplication with SSL certificate.
  The question I have is, for this solution is neccesary to generate a digital certificate and key  for each ACE module? and, It´s is possible to use the same certificate and key in both ACE modules?
  Thanks for your help.
  Regards

  Ricardo,
  You can just the same certificates for both devices.
  Jorge

• ICal server won't work with SSL certificate

  I'm running Leopard Server 10.5.7, and have a GoDaddy SSL certificate installed on the server, which is working fine in Apache, but not for iCal server.
  In the Security Certificates section of Server Admin, the certificate shows up properly with the correct hostname, with the correct authority (i.e. not self-signed). I can use the certificate for one of my SSL websites, and it works fine, no browser errors, all works great.
  However, if I use Server Admin to enable SSL for iCal server and then select my GoDaddy certificate from the "Certificate" dropdown, the dropdown immediately changes to "Custom Configuration." So I save changes and stop/start the iCal service.
  Then I took my iCal clients (which were all working fine without SSL), and in 'Server Settings,' I changed the server address to https (instead of http), and port 8443 (instead of port 8008). But then when I refresh the calendars, iCal throws an error saying:
  "Unexpected secure name resolution error (code -9844). The server name may be incorrect."
  When I set everything back to the way it was before I started, all works fine.
  Anyone have any suggestions?

  Your problem seems similar to this thread:
  http://discussions.apple.com/thread.jspa?threadID=1992033&tstart=0
  There is some contradictory anecdotal information there, however. Tis reply in another thread:
  http://discussions.apple.com/message.jspa?messageID=6288712#6288712
  may hold some answers to your problem. There are two very enlightening articles on AFP548.com regarding certificate issues:
  http://www.afp548.com/article.php?story=20080624005724638
  http://www.afp548.com/article.php?story=20071203011158936
  That might also be of assistance. Then there's this little tidbit:
  http://www.networkjack.info/blog/2007/11/30/ssl-cert-with-subject-alternate-name /
  These may-or-may-not solve theproblem but may provide insight as to why it's happening.

• BingMaps not showing with SSL certificate

  I have recently added SSL certificate to the server for the website I am developing.
  I changed my applications to use  https from http.
  <script type="text/javascript" src="https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0">
  After changing it from http to https, it is showing a blank page in place of map. The error it says is 
  This page is trying to load scripts from unauthenticated sources
  I had to click on the right top corner shield and allow the browser to run unsafe scripts to get the bingmaps to show up.
  Any ideas on how I can resolve it. I am using ASP.NEt, C#, Javascript and jQuery.
  Thanks in advance.
  Nate

  I had to add &s=1 to run the BingMaps in secure mode
  so, we should use following link to run the bing maps with SSL.
  https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0&s=1
  Thanks
  Nate

• Securing RDS with SSL certificate

  Hi, is it possible to lock down 2008 R2 RDS so that a user can only connect to the server via RDP if they have the appropriate SSL certificate installed on their PC?

  Hi,
  I´m looking for the same, there is no way to accomplish that even today with RDS from W2012 R2???

• SSL Certificates Update Error in ACE 4710

  Hi,
  I am facing a problem while updating the SSL certificates in ACE 4710. Our certificate is expired and we have purchased a new certificate from CA. Moreover the common name of the certificate is also changed.
  I tried importing the certificate to the repository and change the SSL proxy likewise to use the new certificate. but still the new certificate with new CN is not recognised by the clients. they can see the old certificate only. I even tried deleting and creating a new ssl proxy service with the new cert and attaching it to policy map.
  but still the new certificate is not used even after a reboot,
  Attaching screenshots and running config. Any help will be appreciated.
  BR//Rajiv

  Ravi,
        Here are the procedures for updating your certificate on the ACE. 
  1) Create New RSA Key
  2) Create CSR
  3) Send CSR to CA authority for a new certificate
  4) Import Certificate into the ACE
  5) Change the ssl-proxy to use the new Certificate and Key
  6) Remove the SSL-Proxy from the policy map and reapply
  Now if you created the CSR on a different box, you will need to import both the RSA key are the certificate.  Another thing you should be aware of is a possible change in the Root and intermediate certicates that are used by the CA.  In your configuration, you have
  crypto chaingroup iotms-chain-gr-1
    cert inter-root-new
  Is the the correct certificates for your cert?  If so, it seems odd that there is only on certificate in the Chaingroup.  Most CAs use an intermediate and and a root certificate. 
  Verify that you have the correct chaingroup (with the correct root and intermediate certificates). 

• What's the difference with SSL Certificates?

  Hi,
  I need to get an SSL Certificate for my client's online
  store. There are so
  many choices out there ranging from stupidly expensive, down
  to suspiciously
  cheap.
  Can anyone help me sort through the mob and recommend
  something that is
  trustworthy, secure and cheap.
  I'm happy to buy globally, but I'd prefer either a true
  multi-national, or
  an Australian company.
  Thanks,
  B

  Which certificate you choose depends on your intended use for
  the cert. The cheap ones (US $20/year and up) simply assure that
  you control the domain in question. The certificate agency sends an
  email to the administrative contact specified in the domain's Whois
  listing. If they get the appropriate response, the certificate is
  issued. If all you are out to do is establish SSL connections to a
  web site to prevent eavesdropping, this type of certificate is
  fine. There is no difference in the level of security between these
  certificates and fancier offerings as long as both the cert and
  your web server support 256 bit encryption. You can also get a
  certificate that is valid for up to 10 years, so you won't have to
  worry about SSL for a long time. The cheap certificates are not
  recommended for online commerce, as there is no assurance you are
  an actual company. If you go this route, getting a certificate from
  an outfit that supports single root verification greatly eases
  installation on your server. (Translation from geek: A single root
  certificate is inherently trusted by all major browsers. Companies
  such as RapidSSL (cheap), Geotrust and Thawte (not so cheap), and
  Verisign (expensive) all own their root certificates. Many other
  certificate agencies require installing a chain of certificates on
  your server that point back to the trusted root certificate. Use
  Firefox to test your SSL site, as it has the most comprehensive
  certificate validation routines.)
  The next step up are the high assurance certificates. These
  require you to prove that you own or represent the company whose
  domain you are getting a certificate for. The price for these
  certificates ranges from US$100/year to ~$400. The certificate
  company will perform a search on your business or organization, and
  you may be required to submit supporting documentation to prove you
  are who you claim to be. The more expensive flavors of these certs
  usually offer larger guarantees against credit card fraud resulting
  from certificate misuse. These certificates are valid for up to 3
  years.
  Finally, there are the new extended validation certificates.
  These require an in-depth evaluation of your business, including an
  investigation into the overall legitimacy of your corporation.
  Government agencies also qualify. Sole proprietorships and and
  general partnerships are not eligible, although the CA/B says they
  may be in the future. Get one of these and IE users can see the
  navigation bar turn a trustworthy green color. There is also a
  large amount of green involved in purchasing one of these
  certificates, ranging from US$500/year from the cheapie outfits to
  $900/year from Thawte to $1500 per year from Verisign.
  No matter which option you pursue, there are a couple of
  points to be aware of. First, choose a vendor that offers free
  certificate replacement. This protects you in case a change in
  hosting provider or web server invalidates your existing
  certificate. Also, a normal certificate is very specific in terms
  of which domain it supports. For example, a certificate for
  www.domain.com does not work for mail.domain.com, ftp.domain.com,
  or even domain.com. If this is important to you, you can either
  purchase multiple certificates or a wildcard certificate that
  supports any number of subdomains. Wildcard cert prices are
  typically 4-5x higher than for a single cert. Finally, many cert
  companies offer verification seals that you can add to your SSL web
  pages. These allow your clients to click or hover over the seal to
  get a quick verification that your site certificate comes from a
  recognizable brand. Useful, perhaps, if you want to brag that "I
  care enough to purchase certs from Thawte, Network Solutions,
  Geotrust, et. al." or "I'm a penny-pincher and use GoDaddy!"

• Can't get mail to work with SSL certificates

  I'm setting up a 10.5.3 mail server and wanted to enable SSL for SMTP and IMAP.
  It all works fine if I use the Default certificate that the server generates automatically. But if I want to generate a new certificate with a pass phrase it stops working.
  You start seeing errors like the in the system log:
  May 30 18:29:19 megalon postfix/smtpd[1143]: warning: cannot get private key from file /etc/certificates/myserver.mydomain.com.key
  May 30 18:29:19 megalon postfix/smtpd[1143]: warning: TLS library problem: 1143:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
  May 30 18:29:19 megalon postfix/smtpd[1143]: warning: TLS library problem: 1143:error:0906A068:PEM routines:PEMdoheader:bad password read:pem_lib.c:401:
  May 30 18:29:19 megalon postfix/smtpd[1143]: warning: TLS library problem: 1143:error:140B0009:SSL routines:SSLCTX_use_PrivateKeyfile:PEM lib:ssl_rsa.c:709:
  May 30 18:29:19 megalon postfix/smtpd[1147]: warning: cannot get private key from file /etc/certificates/myserver.mydomain.com.key
  May 30 18:29:19 megalon postfix/smtpd[1147]: warning: TLS library problem: 1147:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
  May 30 18:29:19 megalon postfix/smtpd[1147]: warning: TLS library problem: 1147:error:0906A068:PEM routines:PEMdoheader:bad password read:pem_lib.c:401:
  May 30 18:29:19 megalon postfix/smtpd[1147]: warning: TLS library problem: 1147:error:140B0009:SSL routines:SSLCTX_use_PrivateKeyfile:PEM lib:ssl_rsa.c:709:
  Anyone know how to fix this?

  I still think there's something wrong with Server Admin in 10.5 that's stopping this from working.
  I've checked the certificate I'm using on my 10.4.11 mail server and it's key file is encrypted but SMTP mail works fine over SSL. I imported the certificate using Server Admin, I didn't edit the config file manually.
  How would the system be decrypting the key before postfix uses it in 10.4? Any why doesn't this work in 10.5?

• WebServices over SSL - 403 Forbidden error

  Hello all,
  I am able to successfully communicate with a SSL enabled .NET webservice using apache-axis in my java code. however, when i
  try the same with weblogic based libs [%bea_home%\server\lib\webserviceclient+ssl.jar] - assume the other jars are ok, i get
  the following exception stack trace:
  Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@55a338
  Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@fdb00d
  Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@131303f
  Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@6b9c84
  Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@e1eea8
  Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@131303f
  Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@18f51f
  Connecting to:www.abc.com port:443
  socket:Socket[addr=www.abc.com/12.345.67.89,port=443,localport=4802]com.certicom.tls.interfaceimpl.TLSConnectionImpl@e35bb7
  Warning: cert chain incomplete
  Warning: cert chain untrusted
  Warning: subject (www.abc.com, OU=Terms of use at www.verisign.com/rpa (c)00, OU=ABC 1, O=ABC inc, L=abc, ST=abc, C=abc) does
  not match server name (null)
  <Jul 27, 2004 10:52:49 AM GMT+05:30> <Info> <WebService> <BEA-220025> <Handler weblogic.webservice.core.handler.ClientHandler
  threw an exception from its handleResponse method. The exception was:
  javax.xml.rpc.JAXRPCException: weblogic.webservice.util.AccessException: The server at
  https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a 403 error code (Forbidden). Please ensure that your URL is
  correct and that the correct protocol is in use..>
  A RemoteException has been thrown
  java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: The server at
  https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a 403 error code (Forbidden). Please ensure that your URL is
  correct and that the correct protocol is in use.
  Detail:
  <detail>
  <bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">
  </bea_fault:stacktrace>weblogic.webservice.util.AccessException: The server at
  https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a 403 error code (Forbidden). Please ensure that your URL is
  correct and that the correct protocol is in use.
       at weblogic.webservice.binding.soap.HttpClientBinding.handleErrorResponse(HttpClientBinding.java:371)
       at weblogic.webservice.binding.soap.HttpClientBinding.receive(HttpClientBinding.java:233)
       at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientHandler.java:63)
       at weblogic.webservice.core.HandlerChainImpl.handleResponse(HandlerChainImpl.java:230)
       at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:229)
       at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:444)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:430)
       at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:270)
       at com.webservice.abc.client.proxy.ABCWebserviceSoap_Stub.getABC(ABCWebserviceSoap_Stub.java:113)
       at com.webservice.abc.client.ABC_WS_Client.main(ABC_WS_Client.java:158)
  </detail>; nested exception is:
       javax.xml.rpc.soap.SOAPFaultException: The server at https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a
  403 error code (Forbidden). Please ensure that your URL is correct and that the correct protocol is in use.
       at com.webservice.abc.client.proxy.ABCWebserviceSoap_Stub.getABC(ABCWebserviceSoap_Stub.java:118)
       at com.webservice.abc.client.ABC_WS_Client.main(ABC_WS_Client.java:158)
  Caused by: javax.xml.rpc.soap.SOAPFaultException: The server at https://www.abc.com/abcdef/ABCWebService.asmx?WSDL returned a
  403 error code (Forbidden). Please ensure that your URL is correct and that the correct protocol is in use.
       at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:285)
       at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:444)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:430)END
       at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:270)
       at com.webservice.abc.client.proxy.ABCWebserviceSoap_Stub.getABC(ABCWebserviceSoap_Stub.java:113)
       ... 1 more

  Hi All,
  I am new to webservice programming. I am trying to consume webservice over https. I am using weblogic 8.1 sp2. I am getting http 403 forbidden error. from the log it seems that ssl handshaking is completing.
  Algorithm: [MD2withRSA]
  Signature:
  0000: BB 4C 12 2B CF 2C 26 00 4F 14 13 DD A6 FB FC 0A .L.+.,&.O.......
  0010: 11 84 8C F3 28 1C 67 92 2F 7C B6 C5 FA DF F0 E8 ....(.g./.......
  0020: 95 BC 1D 8F 6C 2C A8 51 CC 73 D8 A4 C0 53 F0 4E ....l,.Q.s...S.N
  0030: D6 26 C0 76 01 57 81 92 5E 21 F1 D1 B1 FF E7 D0 .&.v.W..^!......
  0040: 21 58 CD 69 17 E3 44 1C 9C 19 44 39 89 5C DC 9C !X.i..D...D9.\..
  0050: 00 0F 56 8D 02 99 ED A2 90 45 4C E4 BB 10 A4 3D ..V......EL....=
  0060: F0 32 03 0E F1 CE F8 E8 C9 51 8C E6 62 9F E6 9F .2.......Q..b...
  0070: C0 7D B7 72 9C C9 36 3A 6B 9F 4E A8 FF 64 0D 64 ...r..6:k.N..d.d
  ]>
  <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <SSLTrustValidator r
  eturns: 0>
  <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <Trust status (0): N
  ONE>
  <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: S
  erverHelloDone>
  <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <write HANDSHAKE off
  set = 0 length = 134>
  <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <write CHANGE_CIPHER
  _SPEC offset = 0 length = 1>
  <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <write HANDSHAKE off
  set = 0 length = 16>
  <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
  ed: false>
  <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <isMuxerActivated: f
  alse>
  <Jan 30, 2006 11:39:29 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
  ed: false>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 readRecord(
  )>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 SSL3/TLS MA
  C>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 received CH
  ANGE_CIPHER_SPEC>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
  ed: false>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <isMuxerActivated: f
  alse>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
  ed: false>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 readRecord(
  )>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 SSL3/TLS MA
  C>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 received HA
  NDSHAKE>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: F
  inished>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <write APPLICATION_D
  ATA offset = 0 length = 304>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <write APPLICATION_D
  ATA offset = 0 length = 558>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 read( offse
  t: 0 length: 2048 )>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
  ed: false>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <isMuxerActivated: f
  alse>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <SSLFilter.isActivat
  ed: false>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 readRecord(
  )>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 SSL3/TLS MA
  C>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 received AP
  PLICATION_DATA>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 APPDATA dat
  abufferLen 0>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 APPDATA con
  tentLength 1907>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 read databu
  fferLen 1907>
  <Jan 30, 2006 11:39:30 AM GMT+05:30> <Debug> <TLS> <000000> <5564590 read A retu
  rns 1907>
  javax.xml.soap.SOAPException: Failed to send message: weblogic.webservice.util.A
  ccessException: The server at https://www.3pv.net/3PVWebServices/3PVWebServices.
  asmx?wsdl returned a 403 error code (Forbidden). Please ensure that your URL is
  correct and that the correct protocol is in use.
  at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionI
  mpl.java:61)
  at com.ceon.pencor.threepv.ThreePVUtils.sendOrderRequest(ThreePVUtils.ja
  va:350)
  at com.ceon.pencor.threepv.ThreePVAdapterImpl.sendThreePVRequest(ThreePV
  AdapterImpl.java:119)
  at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl.sendThreePVR
  equest(ThreePVAdapterImpl_ydsnbq_EOImpl.java:46)
  at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl_WLSkel.invok
  e(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
  at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
  ef.java:108)
  at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
  dSubject.java:353)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
  144)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
  a:415)
  at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
  .java:30)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  Caused by: weblogic.webservice.util.AccessException: The server at https://www.3
  pv.net/3PVWebServices/3PVWebServices.asmx?wsdl returned a 403 error code (Forbid
  den). Please ensure that your URL is correct and that the correct protocol is i
  n use.
  at weblogic.webservice.binding.http11.Http11ClientBinding.handleErrorRes
  ponse(Http11ClientBinding.java:136)
  at weblogic.webservice.binding.http11.Http11ClientBinding.receive(Http11
  ClientBinding.java:220)
  at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionI
  mpl.java:57)
  ... 13 more
  javax.xml.soap.SOAPException: Failed to send message: weblogic.webservice.util.A
  ccessException: The server at https://www.3pv.net/3PVWebServices/3PVWebServices.
  asmx?wsdl returned a 403 error code (Forbidden). Please ensure that your URL is
  correct and that the correct protocol is in use.
  at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionI
  mpl.java:61)
  at com.ceon.pencor.threepv.ThreePVUtils.sendOrderRequest(ThreePVUtils.ja
  va:350)
  at com.ceon.pencor.threepv.ThreePVAdapterImpl.sendThreePVRequest(ThreePV
  AdapterImpl.java:119)
  at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl.sendThreePVR
  equest(ThreePVAdapterImpl_ydsnbq_EOImpl.java:46)
  at com.ceon.pencor.threepv.ThreePVAdapterImpl_ydsnbq_EOImpl_WLSkel.invok
  e(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
  at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
  ef.java:108)
  at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
  dSubject.java:353)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
  144)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
  a:415)
  at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
  .java:30)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  Caused by: weblogic.webservice.util.AccessException: The server at https://www.3
  pv.net/3PVWebServices/3PVWebServices.asmx?wsdl returned a 403 error code (Forbid
  den). Please ensure that your URL is correct and that the correct protocol is i
  n use.
  at weblogic.webservice.binding.http11.Http11ClientBinding.handleErrorRes
  ponse(Http11ClientBinding.java:136)
  at weblogic.webservice.binding.http11.Http11ClientBinding.receive(Http11
  ClientBinding.java:220)
  at weblogic.webservice.core.soap.SOAPConnectionImpl.call(SOAPConnectionI
  mpl.java:57)
  ... 13 more
  ERROR : Exception is occurred during connecting url:https://www.3pv.net/3PVWebS
  ervices/3PVWebServices.asmx?wsdl
  Please help...
  Cordially
  Sandip

• Problem with ssl certificate

  Hello everyone!
  I have a scenario wherein I am trying to connect SRM to a marketsite through XI.
  SRM (Purchase Order) --->  XI (marketplace adapter) ---> Marketsite
  The URL of the marketsite is of the type HTTPS so I am using certificate logon as the method for authentication.
  Please tell me whether this is the right thing to do:
  1. Create a self-signed certificate in the "Key Storage" of the visual administrator.
  2. Export the certificate and have it installed in the marketsite.
  3. Configure the marketplace com. channel in the integration directory to use the private key I used to generate the certificate I sent to the marketsite.
  Having done that, I am get a "server rejected by chain verifier" error in the message monitoring tool.
  Here are some other questions:
  1. Should I create a new View for the certificate and private key, or should I create the certificate in the existing "service_ssl" and rename the new certificate "ssl-credentials-cert" and the private key "ssl_credentials"
  2. Will a self-signed certificate work or do I need to get it signed by a CA before importing the response.
  3. If a self-signed certificate will work, do I need to add another certificate in the "TrustedCAs" view?
  4. If I should import a certificate response from a CA, where can I get the certificate of the CA?
  I know these are a lot of questions, but I'd really appreciate all the help I can get from you guys. Please avoid posting links to other threads as I have pretty much read all of them..
  Warm regards,
  Glenn

  Hi Glenn,
  Let me explain the scenario without client certificate Logon (User and password) first .
  When you want to communicate with marketsite in secure manner, get the certificate of the CA (Certifying Authority) who has signed market site Cert. and add it to Trusted CAs view in Visual Admin of XI. Sometimes it may be a CA certificate chain.
  If that certificate is self-signed, add the market site certificate itself in to Trusted CAS of Vis.Admin of XI.
  Certificate Logon:
  This is for ur (XI servers) Identity to Marketsite.
  In Visual Admin KeyStorage create a view or in any of existing views create a Private Key and Public key (Certificate) pair representing XI Server (CN should be hostname of XI server). Get the public Key signed by CA and import the Certificate in Visual Admin.
  Now in Configuration select view and the Private Key just created for XI's Identity.
  PS: There may be some steps in Marketsite too in case of Certificate logon like Adding XI certificate to something like Trusted CAS of Marketsite.You can get better picture from guys administrating the Marketsite..
  Try these options and post the results in forum.
  Good Luck.
  Regards,
  Sudharshan N A

• [solved] dovecot errors after renewing SSL certificate

  System:
  OS X Server (Mountain Lion) 2.2
  Using a single SSL Certificate for all services.
  Symptom:
  Users can't log into their IMAP accounts hosted on OS X Server (Mountain Lion) after renewing SSL Certificate
  Diagnostics:
  Give you an indication whether it's this problem. Some or all may apply:
  Log shows all kinds of dovecot errors. e.g.
  dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
  config: Fatal: Error in configuration file /Library/Server/Mail/Config/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set
  dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
  /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf shows commented out lines:
  ssl_cert
  ssl_key
  ssl_ca
  Solution:
  Go to the Certificates pane of the Server App  and choose Secure Services Using: Custom
  Set IMAP and POP server certificates to to None
  Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf
  Now set Secure Services Using: <My single SSL Certificate for all services>
  Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf and you should now see all the ssl* settings as you would expect, and pointing to the correct SSL certificate  in /etc/certificates
  Hope this works for you too!

  I had something similar happen. When I do anything with SSL certificates it deletes any regular websites. Only the sites that are setup for https are listed.
  Couldn't understand why my website wasn't working and it turned out that the system had deleted it. The web server had multiple host set and I had to rebuild all the ones that had used port 80. All the ones that use 443 were fine.
  Hope this helps.

• NAC SSL certificate Issue

  I recently applied a signed certificate to both the CAM and CAS. ever since then I have been having problems with the system. In the perfigo logs on the CAM I receive a lot of messages with "Certificate chaining error" in them. My question is what is the best way to roll back the signed certificates to the self signed ones? Any other suggestions would be greatly appreciated.
  Thanks in advance.

  Hi Giles,
  Thanks for te update. The problem I am facing is:-I have 2 SSL certificates on my ACE and I have also configured 2 server farms (farm1 and farm2)each associated with ssl certificate, now the problem i am facing is when we access the farm2 serverfarm we are issued the certificate of farm1 wereas i need to be getting the certificate from the farm2.
  Thanks in advance.
  Regards
  Sum