[THIN] AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client

  • From: "Daniel Schoppmann" <dschoppmann@xxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 9 Jan 2003 23:48:02 +0100

There is no SSL Relay!

Ciao, Daniel

dschoppmann@xxxxxx
http://www.schoppmann.com/

Meeräckerstr. 24
68163 Mannheim

home: 0621/8191407
mobil:0172/6395617


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
behalf of Stansel, Paul
Sent: Thursday, 9 January 2003 14:29
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: SSL Problems with NFUSE/CSG Access from within a
cooperate Network and via java client



Do you have the SSL relay configured correctly?  Otherwise you'll need 1494
open also.

-Paul

> ----------
> From:         Daniel Schoppmann[SMTP:dschoppmann@xxxxxx]
> Reply To:     thin@xxxxxxxxxxxxx
> Sent:         Wednesday, January 08, 2003 4:12 PM
> To:   thin@xxxxxxxxxxxxx
> Subject:      [THIN] SSL Problems with NFUSE/CSG Access from within a
> cooperate Network and via java client
>
>
> Hi List
>
> We have NFuse 1.71 / CSG 1.1 in DMZ with Certificates from Globalsign.
> All secured over 443. STA in Corporate Network.
>
> From outside company network (internet) access via ICA-full and webclient
> works perfect.
>
> Here the 2 problems we still have:
>
> 1. From inside the corporate Network (the client has to traverse Proxy,
> Firewall, Router) it is not possible to open Metaframe apps. SSL error 40!
> First of all I thought this doesn't matter for our network, because I also
> have an internal NFUSE Server for access within the VPN. But now we want to
> access our Metaframe server through our NFUSE in DMZ from other companies'
> corporate networks (or Intranet or whatever the common name is) using their
> Internet access way. (ASP)
> The NFuse "client side firewall" settings are set to "use proxy settings
> from Browser".
> Now my question: I think all that needs to be open on the client side
> firewall is Port 80 and port 443. Am I right?
> The first test we made from another company's network brought SSL error 40.
> Any ideas?
> Anyone made same experience from other companies' networks with such an ASP
> like environment?
>
>
> 2. As already said above, from outside company network (internet) access via
> ICA-full and webclient works perfect.
> The Java Client doesn't work. It starts and then brings an error that sounds
> like this:
>
> Translated from German:
> The security certificate of the server is not trustworthy. To allow access
> to this server, you have to install the certificate "GlobalSign Root CA"
> Details show:
>
> SslCertificateNotTrustedException.  Issuer "GlobalSign Root CA"
>       at com/citrix/sdk/security/exceptions/SslException.convert
>       at com/citrix/sdk/security/ssl/SslOutputStream.write
>       at com/citrix/sdk/security/socks/authentication/DefaultAuthenticator.beginSocks5Handshake
>       at com/citrix/sdk/security/socks/a/b.a
>       at com/citrix/sdk/security/socks/a/b.b
>       at com/citrix/sdk/security/socks/a/b.<init>
>       at com/citrix/sdk/security/Socks5SocketFactory.createSocket
>       at com/citrix/sdk/security/SocketFactory.createSocks5Socket
>       at com/citrix/sdk/security/SocketFactory.createMultiplexedSslSocket
>       at java/lang/reflect/Method.invoke
>       at com/citrix/client/io/net/ip/x.b
>       at com/citrix/client/io/net/ip/x.c
>       at com/citrix/client/io/net/ip/x.a
>       at com/citrix/client/io/net/ip/x.connect
>       at com/citrix/client/io/net/ip/v.<init>
>       at com/citrix/client/io/net/ip/v.<init>
>       at com/citrix/client/module/td/tcp/TCPTransportDriver.q
>       at com/citrix/client/module/td/TransportDriver.run
>
> I have already opened a call at citrix, but we already seem to have checked
> everything.
>
> - Root and server Certs are installed on both CSG and NFUSE
>
> and remember, it works perfectly with local ica-clients. That is really
> crazy!
> Is there perhaps a known issue with certificates from Globalsign?
>
> I am wishfully waiting on some genius ideas!!!
>
>
> Ciao, Daniel
>
> dschoppmann@xxxxxx
> http://www.schoppmann.com/
>
> Meeräckerstr. 24
> 68163 Mannheim
>
> home: 0621/8191407
> mobil:0172/6395617
>
> ***********************************************
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm
>