What Services use SSL? -What have I missed?

All,
We have implemented QualysGuard Enterprise Suite here and two of my servers keep popping up with an SSL vulnerability.
The "Solution" section of the report says "Disable support for anonymous authentication."
The only service running on either machine is AFP. In the "Access" tab of the "Settings" for AFP on both servers, I have unchecked "Enable Guest access" and "Enable administrator to masquerade as any registered user" though I doubt either of those selections have anything to do with SSL...
Since SSL is often used in remote control schemas, I've also set "Remote Login" and "Remote Management" to allow access for only Administrators but again I see no settings specifically for SSL.
Finally, I have set the root certificates for these servers to "Always Trust." (Previously the certificates reported "This root certificate is not trusted")
Can you think of anything I've missed with regards to SSL authentication?
Thanks!
-Brian

Short answer: Contact the vendor.  Ask them what this means, and what the risk is.
There's one previous similar report.  
As the most likely path to resolution, contact the vendor for this QualysGuard product and ask for assistance in determining the trigger for and their opinion of the risk and suggestion(s) for resolving this.  (The diagnostic is similar to a common phrase over in Windows Server configurations, so I'm wondering if the system might have misidentified the OS X Server systems.)  QualysGuard support likely knows the tool the best, after all. 
Failing resolution of that support request to QualysGuard, I'd suppress this diagnostic, ignore it, or potentially remove the tool.
Background: SSL is a fundamental security protocol, and very commonly used on the Internet.  SSL is a very common approach used to secure TCP connections against monitoring, spoofing and various other attacks.  While there are various attacks against SSL and fundamental questions around the security of the certificate chain of trust, SSL is still the best available choice.
I am generally somewhat skeptical around products with "enterprise" or "suite" in the name, and of tools that "monitor", "tune", "optimize" or "secure" systems.   Some of these tools can be good and useful.  Many of these tools can generate spurious messages or odd misbehaviors or bugs; errors on one system or one configuration that might not be applicable to the current case being detected and reported; a "false positive".  Other tools spend substantial time and effort tossing blizzards of inconsequential messages into logs and dialog boxes, seemingly in an effort to prove their worth, sometimes causing stability problems, or just getting in the way. 
Put another way, I prefer to be skeptical around all of these sorts of tools.

Similar Messages

  • 2 apps I have purchased show loading on iphone but when I snc with itunes it shows them installed every time I turn phone on it says connect to itunes or wifi to install What have I missed

    2 Apps I have purchased just show on my iphone as loading yet when I sync phon with itunes it shows them as completely loaded every time I turn my phone on it tells me yo connect to itunes or WiFi to download these 2 What have I missed ?

    Hello errod2014,
    It sounds like you are unable to see your phone in iTunes after the computer turned off unexpectedly during an iOS update. I recommend resetting the phone first, and then attempting to restore with iTunes again.
    To reset, press and hold both the Sleep/Wake and Home buttons for at least 10 seconds, until you see the Apple logo.
    From: Turn your iOS device off and on (restart) and reset
              http://support.apple.com/kb/ht1430
    If you are still unable to see your phone in iTunes,  follow these steps for Mac or these for Windows.
    Thank you for using Apple Support Communities.
    Take care,
    Sterling

  • HT201407 I backed up my phone before it was replaced.  My apps have disappeared altogether, and my music is there but it indicates that I need to download (not pay for) each track again.  What have I missed?

    I backed up my phone before it was replaced.  My apps have disappeared altogether, and my music is there but it indicates that I need to download (not pay for) each track again. It's only small stuff, but my ringtones and photos and background etc have all gone, too.  What have I missed?

    How to BackUp  >  http://support.apple.com/kb/ht1766
    What gets Backed Up
    iTunes http://support.apple.com/kb/ht4946
    iCloud http://support.apple.com/kb/PH2584
    Restore from Backup  >  http://support.apple.com/kb/ht1766

  • Web Service using SSL

    Using Coldfusion 8, I am trying to connect to a .NET web
    service that is secure with SSL v3.
    I have added their cert to my CF keystore but still getting
    the same error.
    I am able to connect to the webservice, but not execute any
    methods.
    I can access the webservice and run the method when not using
    SSL.
    But with SSL I am getting this error:
    The fault returned when invoking the web service operation
    is:
    AxisFault
    faultCode: {
    http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: java.net.ConnectException: Connection timed
    out: connect
    Any help greatly appreciated!!

    I made some progress, perhaps! When the browse the webservice
    from our server using IE, I see this error come up...
    Revocation Information for the security certificate is not
    available. Do you want to proceed.
    This appears on the server and not my PC because the security
    settings of the browser on the server are less forgiving. But it
    leads me to suspect that my timeout error being caused by my
    webservice not being able to respond to this question with a Yes or
    No answer.
    Do you know a way to tell Coldfusion to ignore certificate
    errors?
    Thanks!!

  • WCF WSDL has no security info, but service uses SSL

    We need urgent help.
    Basically I am developing a Web Service client app. The service is written in .Net and uses SSL, but the WSDL does not contain any security info. We got one .pfx file and three .cer files. I followed [Importing PFX files into Java keystores|http://i-proving.ca/space/Technologies/JCE/Importing+PFX+files+into+Java+keystores] to convert the certificates to X509 format. Then I imported the PFX certificate into the keystore of my glassfish v3 (alias is s1as), the other three into the truststore. After passing the handshaking, our application gets "javax.xml.ws.soap.SOAPFaultException: No credentials found by which to authorize the user Missing authentication credentials [cert]". The serer side log shows that they received our HTTP requests and the HTTP header was good, however the SOAP envelope was not decrypted. How can I manually modify the WSDL file so that the NetBeans IDE will guide me to configure the security issue? I use NetBeans 6.8 and Glassfish v3.
    Thank you for your help in advance.
    Daniel

    have you try going into iTunes store on your computer and try download app there?
    it may say something.
    i got the same "Security Info Required" too but on iphone4S, so , now i cannot download any app too
    https://discussions.apple.com/thread/3922351

  • Just converted from MobileMe to iCloud. But now my iCal does not sync with either my iPhone or iCloud.  What have I missed?

    Just converted from MobileMe to iCloud.  But now my iCal does not sync to my iPhone or iCloud.  What did I do wrong?

    Welcome to the Apple Community.
    Is calendar syncing enabled on both the computer and the phone.
    Are your calendars in your iCloud group and not in a on my mac group.
    only calendars in the iCloud group will sync.

  • Web Service using SSL certificates

    Hi All,
    I built an Adaptive Web service model using a WSDL file. The web service is from a third party provider and it requests exchange certificates.
    When I tried to consume any of the methods of the web service I get an error: sometime is an invalid response code (500) and sometimes is Peer certificate rejected by ChainVerifier.
    We created a logical destination and in this is where I'm sepecifying what certificate to use also I tried creating a service group but in this case the error says Configuration not found for application, but I created in NWA maybe something is missing.
    Any idea what the issue is? also it is posible to indicate in java what certificate to use?
    Regards,
    Eduardo Campos

    HI Eduardo,
    Please refer SAP Note 838111 for Consuming SSL webervices.
    Please refer the below link for the process flow of consuming SSL webservices..
    https://cw.sdn.sap.com/cw/docs/DOC-32734?decorator=print
    Hope this helps you..
    Regards,
    Saleem Mohammad.

  • Web Service Using SSL issue

    I have a web service that has been working fine using http. Just switched over to SSL using the <WLHttpsTransport> tag on the jwsc ant command. Now I get the following error at runtime: Any ideas/suggestions? Thanks in advance - Craig
    16:22:27,953 INFO [STDOUT] Caused by: java.lang.NoClassDefFoundError: org/apache/tools/ant/BuildException
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.internal.TylarJ2SBindingsBuilderImpl.<init>(TylarJ2SBindingsBuilderImpl.java:87)
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.J2SBindingsBuilder$Factory.newInstance(J2SBindingsBuilder.java:30)
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.ExceptionUtil.<clinit>(ExceptionUtil.java:48)
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.FaultUtil.exception2Fault(FaultUtil.java:230)
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.message.soap.SoapMessageContext.setFault(SoapMessageContext.java:102)

    I thought I would post an update since I found a solution. The problem was a ClassCast exception in a part of the SSL stack, that wanted to use the ant BuildException class. This has the effect of hiding the real issue which was that the SSL connection was not successfully occuring. The real problem was that the SSL connection started with a WSDL retrieved via SSL, but the connection for the port was through a username/password. When a username/password is used to create a port, the WL stack falls back to http and causes a ClassCast exception on weblogic.wsee.connection.transport.http.HttpTransportInfo. The solution is to create an https transport object when the service impl is created:
    HttpsTransportInfo transport = new HttpsTransportInfo ();
    transport.setUsername (user.getBytes ());
    transport.setPassword (pass.getBytes ());
    gServiceImpl = new PersistenceManagerService_Impl (url, transport);
    and to create the port without parameters:
    port = getServiceImpl ().getPersistenceManagerServicePort ();
    This allows one-way SSL with username/password for the connection.

  • Trying to login over a form using ssl with ldap

    i am trying to loging over a form using ssl. i have kept the cacert at the specified /usr/java/jdk1.5.0_03/jre/lib/security/cacerts.
    i am getting this error.
    javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    kindly help it is urgent.
    Regards,

    A possible reason for this is the requirement for something in the 'Path' field such as public_html - some ISPs don't use this, some do, or something different. This is a folder in your server space, and its contents represent the published webspace, so if you don't have the path when it's required you are publishing to a level on the server one above what outsiders can read. This is something you'd have to check with Easyspace.

  • Reconfigure Active Directory External Authentication plug in to use ssl

    Assuming this is the proper place to post this question:
    I've quickly gone through the IM integration documentation trying to find out how to reconfigure the ad external auth plugin to use ssl and have come up empty handed. Does anyone know how to do this? Should I just rerun oidspadi.sh?
    Also, where can i view the configuration information that was entered the last time this was configured?
    thanks for any help!
    chris

    Rerun oidspadi.sh and select SSL option. You can get adwhencompare and adwhenbind plug-ins detail under plug-in management in Oracle directory manager.

  • What to specfify in CA Reporting services integration (Report server web service URL) when using SSL for both SharePoint and SSRS?

    Hello,
    We are using Sharepoint 2010 and SQL Server reporting services 2008 R2.    We have the sharepoint site bound to port 443 using a certificate.   We also have the same certificate bound in the reporting services configuration manager's
    web service URL tab.    In CA should we put the SSL URL or the non SSL URL?    Right now in CA it has the then non SSL URL,
    http://fakehostname/ReportServer_REPORTSERVICE.     We have some sporadic issues and I am wondering if setting this to our SSL URL will help.    Please let me know
    if you have any questions.
    Thanks,
    Sean

    Hi,
    Regarding this issue, it should be no issue for setting (https) according :
    https://msdn.microsoft.com/en-us/library/bb630447.aspx
    https://msdn.microsoft.com/en-us/library/bb677369.aspx
    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/0ada85b1-e2d2-44a8-8443-74eca74f5745/ssrs-cannot-connect-to-https-sharepoint-2010-401-unauthorized
    I notice you mentioned that you have some sporadic issues, what are these issue? If there are errors, please post the detailed information about the errors.
    What is the mode type of SQL Server Reporting Service, native mode or SharePoint mode?
    The screenshot of the web service URL:
    Best Regards,
    Wendy
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • HT1498 We have created account, and password, but when we try to rent a movie is says password is invalid. It is not, because we can access the websute using it. Anyone help me. We have checked over and over. What are we missing?

    We have created account, and password, but when we try to rent a movie is says password is invalid. It is not, because we can access the websute using it. Anyone help me. We have checked over and over. What are we missing?

    On your mac/Win PC can you log into the iTunes Store with your Apple ID and password??
    Can you download one of the free songs/books/ videos (look under Free on iTunes)?

  • I have a slide with 4 smart shapes that I am using as buttons. If I select include in quiz, the On Success branch does not execute. If I deselect include in quiz, the On Success branch executes. What am I missing?

    I have a slide with 6 smart shapes that I am using as buttons. If I select include in quiz, the On Success branch does not execute. If I deselect include in quiz, the On Success branch executes. What am I missing?

    What setting do you have in Quiz > Settings > Required?  If it's not set to Optional, do that.

  • What have you been using with you palm devices?

    I have a new macbook and was using my palm tungsten with a PC. What do most of you use, the palm desktop or the mac address book and ical? I know palmdesktop and am considering just keeping that. but with a new mac I feel like taking advantage of its software. I also use 3rd party software for my palm, like epocrates, avantgo, documents to go, etc.
    Please, let me know what you find easy to use, what you prefer, and any limitaions.
    I like the idea of using the mac address book to use in applications on the mac, like wordprocessing etc..but i don't want things to get complicated with my palm...curently m palm is set up the way I like it......
    Any thoughts?

    Synchronization is a centralized service under Mac OS X 10.4 unlike what it was in previous releases, but you don't see the 'core' of the Sync Services framework. It appears 'de-coupled' but is actually more highly integrated than ever. What you see is components like iSync and .Mac Sync.
    This Apple Developer document explains how the Sync Services framework operates:
    http://developer.apple.com/macosx/syncservices.html
    Sync Services is the future of synchronization. Many—if not most—applications which synchronize, now do so using this framework. The Palm Desktop is a notable exception: it is not now (and never will be) Sync Services aware. So moving away from it to the Address Book/iCal/iSync approach, or using the Missing Sync with the Address Book and iCal instead, both make much more sense.
    Additionally, the Address Book is integrated into Mail, and if you intend to use mail rather than Entourage, you should synchronize the Address Book using either iSync or the Missing Sync, as there are no explicit links between the Palm Desktop and Mail. You can export Palm Desktop contacts as a vCard file for import into the Address Book, and calendars as a vCal file for import into iCal, but doing so on a regular basis will probably make you slightly crazy.
    Mark/Space supplies their Mark/Space Contact, Event and Tasks conduits to work with the Address Book and iCal. They are far more sophisticated and flexible than the iSync Palm Conduit, and support the features of advanced Palm device databases, including contact icons and calendar colors and categories. They also provide conduits for Avant/Go and a conduit and OS X application to synchronize memos, and provide for the synchronization of ePocrates content via internet sharing.
    More information about the Missing Sync for Palm OS is available here:
    http://www.markspace.com/missingsync_palmos.php

  • I want to use wifi for Apple TV, but it doesn't prompt for a password, so never connects.  What am I missing?  Can I only use it via a non-password-protected wifi connection?

    I want to use wifi for Apple TV, but it doesn't prompt for a password, so never connects.  What am I missing?  Can I only use it via a non-password-protected wifi connection?

    Hi - you might want to post this question on the Apple TV area - you would probably get a quicker response - if you have a specific question relating to Apple routers then post back here

Maybe you are looking for

  • Problems with express xy graph

    Hi, I am new to Labview. I am using Labview 8.5. I wish to create a program which reads in an excel spreadsheet and displays the data on an express xy graph. I have been able to read my excel spreadsheet into labview but cannot display a graph in my

  • Why can't I download itunes 10.5 and why has it been like this for days and apple hasn't fixed it yet?

    I have tried multiple times to download itunes on my pc with windows 7. At this point I am incredibly frustrated and have come to the conclusion that a) apple so doesn't care about the pc users that purchase their products b) itunes is apparently not

  • Agent 2.2, Apache 2.0.59 and Solaris 10 - problem- Urgent

    Hi, We are using Solaris 10 (T2000), apache 2.0.59 and Policy Agent 2.2.. Apache Server 2.0.59 works just fine. When I installed Policy Agent 2.2. The Apache start gives following error: /usr/local/apache2/bin/apachectl start Syntax error on line 1 o

  • How to synchronize with internet time server automatically?

    Our 2008 R2's clock gets 1 or 2 minutes ahead every week.  We have to go to the Internet Time Settings dialog box to click "Update now" to do the sync and it always works.  Is there any trick to get the automatic synchronization work?  What is the sy

  • Is there a point in buying HD movies on iTunes?

    I have a 13.3" MacBook Pro, Basic model.  I was browsing movies on iTunes and was thinking of buying one.  It's $9.99 for the regular version and $12.99 for the HD version.  My husband said there's no point in buying the HD version as my computer wil