There is no SSL Relay!

Ciao, Daniel

dschoppmann@xxxxxx
http://www.schoppmann.com/

Meeräckerstr. 24
68163 Mannheim

home: 0621/8191407
mobil: 0172/6395617

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Stansel, Paul
Sent: Thursday, January 9, 2003 14:29
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client

Do you have the SSL relay configured correctly? Otherwise you'll need 1494 open also.

-Paul

> ----------
> From: Daniel Schoppmann[SMTP:dschoppmann@xxxxxx]
> Reply To: thin@xxxxxxxxxxxxx
> Sent: Wednesday, January 08, 2003 4:12 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client
>
> Hi List
>
> We have NFuse 1.71 / CSG 1.1 in DMZ with Certificates from Globalsign.
> All secured over 443. STA in Corporate Network.
>
> From outside company network (internet) access via ICA-full and webclient
> works perfectly.
>
> Here are the 2 problems we still have:
>
> 1. From inside the corporate network (the client has to traverse Proxy,
> Firewall, Router) it is not possible to open Metaframe apps. SSL error 40!
> First of all I thought this doesn't matter for our network, because I also
> have an internal NFUSE Server for access within the VPN. But now we want to
> access our Metaframe server through our NFUSE in DMZ from other companies'
> corporate networks (or Intranet or whatever the common name is) using their
> Internet access way. (ASP)
> The NFuse "client side firewall" settings are set to "use proxy settings
> from Browser".
> Now my question: I think all that needs to be open on the client side
> firewall is Port 80 and port 443. Am I right?
> The first test we made from another company's network brought SSL error 40.
> Any ideas?
> Has anyone had the same experience from another company's network with such
> an ASP-like environment?
>
>
> 2. As already said above, from outside company network (internet) access via
> ICA-full and webclient works perfectly.
> The Java Client doesn't work. It starts and then brings up an error that
> sounds like this:
>
> Translated from German:
> The security certificate of the server is not trustworthy. To allow access
> to this server, you have to install the certificate "GlobalSign Root CA"
> Details shows:
>
> SslCertificateNotTrustedException. Issuer "GlobalSign Root CA"
>   at com/citrix/sdk/security/exceptions/SslException.convert
>   at com/citrix/sdk/security/ssl/SslOutputStream.write
>   at com/citrix/sdk/security/socks/authentication/DefaultAuthenticator.beginSocks5Handshake
>   at com/citrix/sdk/security/socks/a/b.a
>   at com/citrix/sdk/security/socks/a/b.b
>   at com/citrix/sdk/security/socks/a/b.<init>
>   at com/citrix/sdk/security/Socks5SocketFactory.createSocket
>   at com/citrix/sdk/security/SocketFactory.createSocks5Socket
>   at com/citrix/sdk/security/SocketFactory.createMultiplexedSslSocket
>   at java/lang/reflect/Method.invoke
>   at com/citrix/client/io/net/ip/x.b
>   at com/citrix/client/io/net/ip/x.c
>   at com/citrix/client/io/net/ip/x.a
>   at com/citrix/client/io/net/ip/x.connect
>   at com/citrix/client/io/net/ip/v.<init>
>   at com/citrix/client/io/net/ip/v.<init>
>   at com/citrix/client/module/td/tcp/TCPTransportDriver.q
>   at com/citrix/client/module/td/TransportDriver.run
>
> I have already opened a call at Citrix, but we already seem to have checked
> everything.
>
> - Root and server Certs are installed on both CSG and NFUSE
>
> and remember, it works perfectly with local ica-clients. That is really
> crazy!
> Is there perhaps a known issue with certificates from Globalsign?
>
> I am wishfully waiting on some genius ideas !!!
>
>
> Ciao, Daniel
>
> dschoppmann@xxxxxx
> http://www.schoppmann.com/
>
> Meeräckerstr. 24
> 68163 Mannheim
>
> home: 0621/8191407
> mobil: 0172/6395617
>
> ***********************************************
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm