[THIN] Re: AW: Re: SSL Problems with NFUSE/CSG Access from within a cooperate Network and via java client

  • From: "Stansel, Paul" <Paul.Stansel@xxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Fri, 10 Jan 2003 08:26:15 -0500

Then you need 1494 open on the internal firewall so that NFuse can =
contact
your farm(s).

-Paul

> ----------
> From:         Daniel Schoppmann[SMTP:dschoppmann@xxxxxx]
> Reply To:     thin@xxxxxxxxxxxxx
> Sent:         Thursday, January 09, 2003 5:48 PM
> To:   thin@xxxxxxxxxxxxx
> Subject:      [THIN] AW: Re: SSL Problems with NFUSE/CSG Access from
> within a cooperate Network and via java client
>=20
>=20
> There is no SSL Relay !
>=20
> Ciao, Daniel
>=20
> dschoppmann@xxxxxx
> http://www.schoppmann.com/
>=20
> Meer=E4ckerstr. 24
> 68163 Mannheim
>=20
> home: 0621/8191407
> mobil:0172/6395617
>=20
>=20
> -----Urspr=FCngliche Nachricht-----
> Von: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]Im
> Auftrag von Stansel, Paul
> Gesendet: Donnerstag, 9. Januar 2003 14:29
> An: 'thin@xxxxxxxxxxxxx'
> Betreff: [THIN] Re: SSL Problems with NFUSE/CSG Access from within a
> cooperate Network and via java client
>=20
>=20
>=20
> Do you have the SSL relay configured correctly?  Otherwise you'll =
need =3D
> 1494
> open also.
>=20
> -Paul
>=20
> > ----------
> > From:       Daniel Schoppmann[SMTP:dschoppmann@xxxxxx]
> > Reply To:   thin@xxxxxxxxxxxxx
> > Sent:       Wednesday, January 08, 2003 4:12 PM
> > To:         thin@xxxxxxxxxxxxx
> > Subject:    [THIN] SSL Problems with NFUSE/CSG Access from within a
> > cooperate Network and via java client
> >=3D20
> >=3D20
> > Hi List
> >=3D20
> > We have NFuse 1.71 / CSG 1.1 in DMZ with Certificates from =3D
> Globalsign.
> > All secured over 443. STA in Cooperate Network.
> >=3D20
> > From outside company network (internet) access via ICA-full and =3D
> webclient
> > works perfect.
> >=3D20
> > Here the 2 problems we still have:
> >=3D20
> > 1. From inside the coorperate Network (the client has to traverse =
=3D
> Proxy,
> > Firewall, Router) it is not possible to open Metaframe apps. SSL =
=3D
> error 40
> > !
> > First of all I thought this doesn't matter for our network, because =
I =3D
> also
> > have an internal NFUSE Server for access within the VPN. But know =
we =3D
> want
> > to
> > access our Metaframe server through our NFUSE in DMZ from other =3D
> companies
> > cooperate networks (or Intranet or whatever the common name is) =
using
> > their
> > Internet access way.(ASP)
> > The NFuse "client side firewall" settings are set to "use proxy =3D
> settings
> > from Browser".
> > No my question: I think all that is need to be open on the client =
=3D
> side
> > firewall is Port 80 and port 443. Am I right ?
> > The first test we made from another companies network brought ssl =
=3D
> error
> > 40.
> > Any ideas ?
> > Anyone made same experience from other companies network with such =
an =3D
> ASP
> > like environment ?
> >=3D20
> >=3D20
> > 2. As already said above, from outside company network (internet) =
=3D
> access
> > via
> > ICA-full and webclient works perfect.
> > The Java Client doesn't work. It start and then brings an error =3D
> sounds
> > like,
> > that
> >=3D20
> > Translated from German:
> > The security certificate of the server is not trustworthy. To allow =
=3D
> access
> > to this server, you have to install the certificate "GlobalSign =
Root =3D
> CA"
> > Details shows:
> >=3D20
> > SslCertificateNotTrustedException.  Issuer "GlobalSign Root CA"
> >     at com/citrix/sdk/security/exceptions/SslException.convert
> >     at com/citrix/sdk/security/ssl/SslOutputStream.write
> >     at
> > =3D
> =
com/citrix/sdk/security/socks/authentication/DefaultAuthenticator.beginS=
=3D
> oc
> > ks
> > 5Handshake
> >     at com/citrix/sdk/security/socks/a/b.a
> >     at com/citrix/sdk/security/socks/a/b.b
> >     at com/citrix/sdk/security/socks/a/b.<init>
> >     at com/citrix/sdk/security/Socks5SocketFactory.createSocket
> >     at com/citrix/sdk/security/SocketFactory.createSocks5Socket
> >     at =
com/citrix/sdk/security/SocketFactory.createMultiplexedSslSocket
> >     at java/lang/reflect/Method.invoke
> >     at com/citrix/client/io/net/ip/x.b
> >     at com/citrix/client/io/net/ip/x.c
> >     at com/citrix/client/io/net/ip/x.a
> >     at com/citrix/client/io/net/ip/x.connect
> >     at com/citrix/client/io/net/ip/v.<init>
> >     at com/citrix/client/io/net/ip/v.<init>
> >     at com/citrix/client/module/td/tcp/TCPTransportDriver.q
> >     at com/citrix/client/module/td/TransportDriver.run
> >=3D20
> > I have already opened a call at citrix, but we already seem to have
> > checked
> > everything.
> >=3D20
> > - Root and server Certs are installed on both CSG and NFUSE
> >=3D20
> > and remember, it works perfectly with local ica-clients. That is =
=3D
> realy
> > crazy
> > !
> > Is their perhaps a known issue with certificates from Globalsign ?
> >=3D20
> > I am wishufully waiting on some genious ideas !!!
> >=3D20
> >=3D20
> > Ciao, Daniel
> >=3D20
> > dschoppmann@xxxxxx
> > http://www.schoppmann.com/
> >=3D20
> > Meer=3DE4ckerstr. 24
> > 68163 Mannheim
> >=3D20
> > home: 0621/8191407
> > mobil:0172/6395617
> >=3D20
> > ***********************************************=3D20
> > This Weeks Sponsor: WM Software
> > WMS Messenger for TSE
> > Affordable Instant Messaging for Terminal Servers
> > http://www.wmsoftware.com/wmsm/
> > ************************************************
> > For Archives, to Unsubscribe, Subscribe or=3D20
> > set Digest or Vacation mode use the below link.
> >=3D20
> > http://thethin.net/citrixlist.cfm
> >=3D20
> ***********************************************
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>=20
> http://thethin.net/citrixlist.cfm
>=20
> ***********************************************=20
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or=20
> set Digest or Vacation mode use the below link.
>=20
> http://thethin.net/citrixlist.cfm
>=20
*********************************************** 
This Weeks Sponsor: WM Software
WMS Messenger for TSE
Affordable Instant Messaging for Terminal Servers
http://www.wmsoftware.com/wmsm/
************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts: