Intermited SSL/HTTPS problems

Similar Questions

• Impossible to accelerate SSL/HTTPS traffic

  Hello

  I tried to speed up SSL/HTTPS traffic without success.
  I start with this technology, and maybe I have configuration errors. I followed the guides, but I'm not able to speed up that kind of traffic. Can someone help me?

  Both of my servers WASS footstool is attached. I'm their administration in the WAAS central Manager.

  Version of the software Cisco Wide Area Application Services (accelerator-k9) 5.3.5f (build b7 February 10, 2016)
  Version: sm-sre-710 - 5.3.5f.7

  Is it possible to WAAS accelerate traffic from SHA - 1? Do I need my server CA certificates in "certification authorities"?

  Kind regards

  Heriberto.

  This time no other.

  I got to see all my internal docs, because as said that it was so long I don't have WAAS.

  I would check that I'll be back if I found something

• Installation of SSL VPN problem

  Hi all

  I am setting up a SSL VPN on our ASA 5510 using the Secure Mobility client.  After working through several problems, I was able to get the test server to download and install the Linux client, and he says that it is connected.  When I try to ping any server in the LAN, however, the first ping is responded to and the rest of out time.  On the firewall, I see a stream of errors like this:

  3

  October 11, 2014

  16:12:58

  SRV1

  172.16.40.185

  Refuse icmp incoming outside CBC: SRV1 outside dst: 172.16.40.185 (type 0, code 0)

  split tunneling seems to work fine, I can access the Internet yet, but any attempt to reach a server in the LAN will expire.

  Now I have had this before working with a Windows and a Mac client, but removed this configuration and (I thought) completely recreated when I updated the anyconnect images to include an image of linux.  Now I get this same problem with all 3 platforms.

  Can anyone advise me on what I may be missing or that I can provide to diagnose the problem?

  ASA is running v8.2 (5)

  I followed this guide to set up: http://www.techrepublic.com/blog/data-center/eight-easy-steps-to-cisco-a...

  Thank you!

  Ok thank you.

  If your clients are assigned addresses of:

  mask 172.16.40.185 - 172.16.40.190 255.255.252.0 IP local pool VPNTestPool

  You have exempted from this pool of NAT with the last entry in your acl sheep:

  access-list sheep extended permits all ip 172.16.40.184 255.255.255.248

  A potential problem I see is that the pool is a subnet dug into your internal network:

  IP 172.16.40.2 255.255.252.0

  The ASA believe hosts on this subnet to be connected, and your heart can be confused on the way forward.

  In addition, I don't see where you set the

   sysopt connection permit-vpn

  .. .command recommended in the configuration guide you followed.

  Also. in the first packet - trace, the source for client VPN traffic must be outside, not inside.

• View ssl certificate problem

  Hello

  I config the view to connect the server of ssl certificate, I have config ssl with the kb certificate

  http://KB.VMware.com/selfservice/microsites/search.do?language=en_US & cmd = displayKC & externalId = 1008705

  but when I configed the ssl certificate, I opened IE, open connect with https server.

  certificate is issued is not disabled certificate.how do?

  When I use the customer display to connect the server to connect, he invites "the host name in the certificate is invalid or does not match to.

  My way

  1. Add keytool for the path of the system:
  a. in your host server view connection or security, right-click workstation, and then click Properties.
  b. click on the Advanced tab.
  c. click on Environment Variables.
  d. in the Group of system variables, select path and click on modify.
  e. type the path to the JRE directory in the Variable value text box. For example,.
  < install_directory > \VMware\VMware View\Server\jre\bin.
  

  2. open a command prompt and run this command using keytool to generate a key file:

  keytool - genkeypair - keyalg 'RSA' - keysize 2048 - keystore keys.jks - storepass secret

  keytool - certreq-file certificate.csr - keystore keys.jks - storepass secret

  3. I asked the certificate with my CA certsrv in the field. I asked for the advanced certificate and copy the text file

  for example

  -----BEGIN NEW CERTIFICATE REQUEST-
  MIICrDCCAZQCAQAwZzELMAkGA1UEBhMCY24xCzAJBgNVBAgTAnNoMQswCQYDVQQHEwJzaDEQMA4G
  A1UEChMHdm1jbG91ZDEQMA4GA1UECxMHdm1jbG91ZDEaMBgGA1UEAxMRVk1DT04udm1jbG91ZC5j
  b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNEbwcZeW + 5PNsRgk65lB4NQ1AMMTb
  HbtGRwQIbaBLgvUxZlfNucu7nckC6bdg3brXDRIbZp3vjQCpZLsHjNPmRGkoVRhwikEaOoou9UWA
  b + 0HScCMFZShkULCrAJV2nKuPuUl5JO3lRBecRBKiRm37yf53c9HYmh + nexQaz0dX + jfOm4M3fcg
  Ujfl + UAky9KOjMrHQ5MJjoTqZCV2uMpiGOaG8h/8kruEyISiSn89KOAgmA90Iq32SItA09pJG/V5
  GWbIUXSE5JUF70ZemdXN31dajmwXH0ML + SLEQfUjQeH1vGZ/v0nG51wIf5QOJTJ7pJ2aKEsaNcBz
  6PvjWcdpAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEABnjFSmKYINAvBJ4S1Hy5rnPdunaVcsQA
  y5WkVf7ouRIm7Zew2tjzr4KN2Xt41alJlLUtfpGfw5xqGSvZBxuxVltW5dEYRitf84trysdeQAuB
  t103qAchdBpziPAOumu2mk/PjW + kt/t0o5CuZ81vCD8/KB9KX94YW9vB83Q9B7Mkg3g3G7Clzyim
  Ogwq/VVErAu0udbW30Bp0RuSkj9CBwofpYsC + sdcVeduXV1vjpl4 + Fo + BWt1JkrT2aLkAJ4uhvzw
  V7vPmYlqpuauS79iZowU + uXir3F75GBxKYsWRXia5D/AiDRd/xLS9K62o2QnVjV7qpshIlv6IIzN
  MOLDzA is
  -NEW APPLICATION FOR CERTIFICATE OF END-

  I copyed the text in my ca server asked for the catificate

  4. when the certificate was requested, I download the certificate chain and export the certificate and the ssl certificate

  5 keytool - keystore viewcs1.jks - storepass password - importcert-alias rootca-folder rootca.der.cer

  6 keytool - importcert - keystore viewcs1.jks - storepass password - keyalg 'RSA' - trustcacerts-alias viewcs1-file viewcs1.der.cer

  7 copy the jks and the certificate of "\VMware\VMware View\Server\sslgateway\conf".

  8. create locked.properties and set the keyfile property

  keyfile = Keys.P12
  KeyPass = MY_PASS

  shops = jks

  9 restart connect services

  What is the problem? I'm doing this. I don't know the step that I did wrong.

  pls help me solve the problem.

  thansks much

  This problem is puzzle me long.

  I hope someone can provide the video

  My email: [email protected]

  When you created the certificate did you use namesake who would use people accessing VDI?  For example, if people acecss VDI with https://vdi.blank.com , then you would have to create your certificate using the same.

• First time with SSL - teething problems

  Hello

  I have a new site and I decided to use the SSL - just very basic flavor.

  I use flickr images and giving me the problem of popup in Internet Explorer by telling the user that there are secure and nonsecure items.

  So now I think that maybe I should use the https:// on some of my pages to get the cycle which is but this flying object?  Or I guess, not to use Flickr.  Yet, on a bloggy kind of site, which wants to say that the content won't get pulled in from other sources not secure?

  (The reason why I chose to go with SSL is because one) it is a site Wordpress, b) is a directory of companies set up where I'll be storing details of the company (but not charge for registration at this point and c) I wanted to learn more about SSL.

  If anyone knows a decent tutorial SSL fo that has not been written for programmers, I'd love to have a look at this.  Most of the things I've come across is either sales preamble location or you need to be a scientist to understand.

  Thank you

  Martin

  [edit] And just to be clear, I think I want to say that most of my teething problems arose because I don't know what I'm doing - nothing new here.

  Your absolute links to external sites should all use https protocol.  Try it and see if that helps.

• SSL (https) &amp; amp; sendAndLoad

  Hello!
  
  I'm trying to connect a flash via the ssl protocol application and I can't get it to work, it works very well without ssl, but with ssl, using https, it does not work.
  
  any idea?
  
  Thanks in advance

  I solved this problem, if anyone needs help on, message me.

  Ave!

• SSL &amp; amp; Problem FLASH, IE &amp; amp; IIS, caching

  my site offers content Dynamics & must have "caching disabled people" (ie. http Cache-Control headers: No.-cache, Pragma:no - cache, expires immediately, etc..)
  
  I have a SSL certificate installed on an IIS box. Without invoking the SSL, Flash *.swf files work 100% without HTTPS (for example, with or without SSL) but when you use SSL, the *.swf files completely fail to load/rendering (Note: remaining portions of page loads / makes it very well with the IE browser 'lock' - icon that appears.)
  
  I have diddled with the common issues cited in various forums, for example. change references of HTTP-> HTTPS in the < embed object > tag, codebase, etc - so did not not this problem.
  
  HINT... it seems RELATED to caching:(voir ci-dessous)
  
  UNACCEPTABLE SOLUTION: I am able to get the * .swf-s to load in activating all caches... (ie. remove all related "content - expires" technology) but it becomes a DISASTER for a site providing dynamic content!
  
  If anyone found a decent solution?

  Oh, boy! I'm in heaven... The workaround is to set the http headers "Content-control: no - store"! Then delete all the other headers cached and keep the setting of "expires immediately!

  :)

  Dave

• How to make SOAP client ssl (https) request call with c# in Visual Studio 2010?

  Hello

  I have https wsdl as https://128.107.155.166:8443/nbapi/event /? WSDL path and I would use as tool for vs2010 with proxy class add 'a service reference. At the present time, the proxy class already created by "a service reference" of vs2010 as the "Reference.cs" call So the question is "with the ssl Protocol, how can I write the client ssl request soap call of this class (Reference.cs) proxy that is generated by a service of vs2010. reference.
  Please let me know, and if you have examples of code that will be great. I need ASAP for my project.
  Thank you.
  Anderson Lin

  You will need to create a new post on MSDN for assistance: http://social.msdn.microsoft.com/forums/en-US/categories/

• https problems

  The other day I activated the option to only use HTTPS between my computer at home, but now I am unable to connect from my ipod touch. Whenever I type my username and password on my ipod, I'm brought back to the login screen. I can connect to my computer fine at home, but I want to be able to connect using my ipod touch. I've never had this problem before and was able to connect both my computer at home and the ipod touch at the same time. I want to turn this option off and restore my original settings but not sure how.

  Hello

  To get assistance on the issue with the iPod Touch:

  http://www.Apple.com/support/

  Hope helps.

• SSL connection problem

  Hi, I tried to connect to a server (Openfire) XMPP set up on my machine of. I'm an EOFException at the opening of the connection:

  SecureConnection secureConnection = (SecureConnection) Connector.open("ssl://10.14.1.94:5222;deviceside=true", Connector.READ_WRITE);
  

  I tried pointing to another server XMPP (talk.google.com) and instead, I had a TLSIOException.

  What is a certificate problem? The Openfire Server uses a self-signed certificate.

  Thank you!

  OK I found the solution and it's a little embarrassing, I was using port 5222, but the server was listening on port 5223 ssl...

• Download of documents via SSL VPN problems

  Hello

  We have customers from downloading documents (usually less than 3 MB in size from PDF files) to a web (using http only) interface on an internal web server.  They customers are using the latest version of AnyConnect for windows and connecting to an ASA5510 running the latest firmware of 8.3.  They connect from their home network on a cable or DSL connection.

  I disabled the detection of threats and you don't see anything blocked by the firewall.  What are our user seems to work perfectly.

  I ran a packet capture with wireshark and noticed a lot of packet loss. I have attached a screenshot.

  Any advice would be greatly appreciated.

  Is it possible that there is another cause of network problem?

  Check the settings for duplex/top speed of Web server, check the errors of interface on the ports, etc. Duplicate acknowledgments are caused by lost packets, out-of-order packets, etc.

• Failure of the conversion due to SSL certificate problems - can work around this problem?

  I began the process of migration of a collection of virtual machines in an environment of KVM to an existing cluster of vSphere and try to use the converter (5.5) do a dynamic conversion/migration of a Ubuntu box, but it does not reason create the virtual disk on one of the hosts because of the SSL certificate, and I found no other messages or articles specifically on this (looks like most associated with SSL include improving speed)

  In the worker newspaper, I can see that:

  • The converter is able to successfully create the target VM
  • The attempt to create the virtual disk is defective for the certificate SSL is not invalid (all systems in the cluster appear to be using default certificates from VMware).  In the log file of the worker:

  2014-08 - 07T 09: 35:13.947 - 07:00 [warning 06620 'Default'] [, 0] SSL_IsVerifyEnabled: failed to read the registry value. Falling back to the default behavior: verification on. LastError = 0

  2014-08 - 07T 09: 35:13.947 - 07:00 [warning 06620 'Default'] [, 0] SSL: SSL unknown error

  2014-08 - 07T 09: 35:13.947 - 07:00 [warning 06620 'Default'] [, 0] SSL: connection failed

  2014-08 - 07T 09: 35:13.947 - 07:00 [warning 06620 'Default'] [, 0] NfcNewAuthdConnectionEx [NFC ERROR]: unable to connect to peer. Error: The certificate of the remote host has these problems:

  ->

  -> * The host certificate chain is incomplete.

  ->

  -> * unable to get local issuer certificate

  2014-08 - 07T 09: 35:13.947 - 07:00 [info 06620 'Default'] Sysimgbase_DiskLib_OpenWithPassPhrase failed with 'NBD_ERR_NETWORK_CONNECT' (error code: 2338)

  • The goal of the virtual machine is removed.

  Is it possible to simply disable the validation of certificate for this process?  In the newspaper, it looks like a registry key that it would control, but I have not found any information on this subject (or guessed correctly).  Or can I import this certificate on the local Windows system running converter to get around it (I could not with this approach, but either)

  It's really not clear to me which system validation.  While the worker log shows it connect to the vSphere host, there is no such line indicating it connects to the host where the target VM is located, and it looks like this is the host with the certificate which is considered not valid.   Validation occurs not on my local system running the converter? (the parameters of the vCenter server shows that the box 'vCenter requires a verification of certificates SSL host' is unchecked already)

  Thank you

  Scott

  You might want to take a look at Re: an error occurred when opening a virtual disk. Make sure that the converter server and source running machines have network access to the ESX/ESXi hosts source and destination and let me know if it works for you.

• Certificate SSL ERROR - problem

  I created a new website for a client www.paradoxoil.com the website designer previous position an SSL certificate on the domain name and now in google search, the field appears with https://

  I saw in some forum posts on this topic but not a real answer that I can understand. Someone said about editing some links for guarantee? Some have said about adding a 301 redirect. I have contact the guys from domain associated with this account and they removed the certificate but it still appears in google the error message still appears. I tried to add the domain name in google as http://www.paradoxoil.com God knows how long it will take to change.

  Any help would be appreciated 100%.

  

  Hello

  You can see the Google link removal tool,

  https://www.Google.com/webmasters/tools/removals

  Also, check out this link to learn more about the procedure,

  Remove old or information deleted from Google - search Console Help

  Unfortunately there is no guarantee by Google when these links will be removed and here's why, but should be useful.

• Http problem

  < police = "Times New Roman" color = "35349F" size = "3" >
  Hello
  If we use the tool console like Teamviewer for remote access to the server for the establishment/R12 using, this would lead to any problem, such as HTTP error in R12?
  
  Thank you and best regards,
  Human
  < / make >

  TeamViewer or what?

  TeamViewer.

  Thank you
  Hussein

• Transport http - problem with timeout

  Hello
  
  I have a Bussines services that uses the Http transport and its configured with the ending "http://90.56.154.45:989 / offline1".
  It's the rest of the config:
  /************/
  General configuration
  Type of service no matter what XML Service
  
  Transport configuration
  Http protocol
  Load balancing algorithm no
  Endpoint URI
  http://90.56.154.45:989 / offline1
  Retry Count 0
  Retry interval iteration 0
  Start Application Yes errors
  
  Configuration of HTTP Transport
  Timeout 5
  Query HTTP POST method
  Authentication no
  Proxy server
  Follow redirects HTTP DISABLED
  Use segmented Mode streaming
  
  Content of message, Configuration management
  MTOM/XOP support disabled
  Page attachments to disk no.
  /*************/
  
  When I try to sbconsole, the connection lasts about 3 minutes. Why not meet the deadline set to 5 seconds?
  
  Thank you very much, greetings.

  But the setting of timeout (timeout = 5 sg) still not come into force. It may be a possible bug?

  Only the timeout setting is actually to READ timeout. So if the target server takes longer than the number of seconds that you have configured in the timeout parameter, then only this setting will take effect. Like currently, you are not able to even connect (connect timeout came into picture), that's why READ timeout isn't triggering because READ has not even started.

  It works as expected and there is no problem with the setting.

  Kind regards
  Anuj