Then you need 1494 open on the internal firewall so that NFuse can = contact your farm(s). -Paul > ---------- > From: Daniel Schoppmann[SMTP:dschoppmann@xxxxxx] > Reply To: thin@xxxxxxxxxxxxx > Sent: Thursday, January 09, 2003 5:48 PM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] AW: Re: SSL Problems with NFUSE/CSG Access from > within a cooperate Network and via java client >=20 >=20 > There is no SSL Relay ! >=20 > Ciao, Daniel >=20 > dschoppmann@xxxxxx > http://www.schoppmann.com/ >=20 > Meer=E4ckerstr. 24 > 68163 Mannheim >=20 > home: 0621/8191407 > mobil:0172/6395617 >=20 >=20 > -----Urspr=FCngliche Nachricht----- > Von: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]Im > Auftrag von Stansel, Paul > Gesendet: Donnerstag, 9. Januar 2003 14:29 > An: 'thin@xxxxxxxxxxxxx' > Betreff: [THIN] Re: SSL Problems with NFUSE/CSG Access from within a > cooperate Network and via java client >=20 >=20 >=20 > Do you have the SSL relay configured correctly? Otherwise you'll = need =3D > 1494 > open also. >=20 > -Paul >=20 > > ---------- > > From: Daniel Schoppmann[SMTP:dschoppmann@xxxxxx] > > Reply To: thin@xxxxxxxxxxxxx > > Sent: Wednesday, January 08, 2003 4:12 PM > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] SSL Problems with NFUSE/CSG Access from within a > > cooperate Network and via java client > >=3D20 > >=3D20 > > Hi List > >=3D20 > > We have NFuse 1.71 / CSG 1.1 in DMZ with Certificates from =3D > Globalsign. > > All secured over 443. STA in Cooperate Network. > >=3D20 > > From outside company network (internet) access via ICA-full and =3D > webclient > > works perfect. > >=3D20 > > Here the 2 problems we still have: > >=3D20 > > 1. From inside the coorperate Network (the client has to traverse = =3D > Proxy, > > Firewall, Router) it is not possible to open Metaframe apps. SSL = =3D > error 40 > > ! > > First of all I thought this doesn't matter for our network, because = I =3D > also > > have an internal NFUSE Server for access within the VPN. But know = we =3D > want > > to > > access our Metaframe server through our NFUSE in DMZ from other =3D > companies > > cooperate networks (or Intranet or whatever the common name is) = using > > their > > Internet access way.(ASP) > > The NFuse "client side firewall" settings are set to "use proxy =3D > settings > > from Browser". > > No my question: I think all that is need to be open on the client = =3D > side > > firewall is Port 80 and port 443. Am I right ? > > The first test we made from another companies network brought ssl = =3D > error > > 40. > > Any ideas ? > > Anyone made same experience from other companies network with such = an =3D > ASP > > like environment ? > >=3D20 > >=3D20 > > 2. As already said above, from outside company network (internet) = =3D > access > > via > > ICA-full and webclient works perfect. > > The Java Client doesn't work. It start and then brings an error =3D > sounds > > like, > > that > >=3D20 > > Translated from German: > > The security certificate of the server is not trustworthy. To allow = =3D > access > > to this server, you have to install the certificate "GlobalSign = Root =3D > CA" > > Details shows: > >=3D20 > > SslCertificateNotTrustedException. Issuer "GlobalSign Root CA" > > at com/citrix/sdk/security/exceptions/SslException.convert > > at com/citrix/sdk/security/ssl/SslOutputStream.write > > at > > =3D > = com/citrix/sdk/security/socks/authentication/DefaultAuthenticator.beginS= =3D > oc > > ks > > 5Handshake > > at com/citrix/sdk/security/socks/a/b.a > > at com/citrix/sdk/security/socks/a/b.b > > at com/citrix/sdk/security/socks/a/b.<init> > > at com/citrix/sdk/security/Socks5SocketFactory.createSocket > > at com/citrix/sdk/security/SocketFactory.createSocks5Socket > > at = com/citrix/sdk/security/SocketFactory.createMultiplexedSslSocket > > at java/lang/reflect/Method.invoke > > at com/citrix/client/io/net/ip/x.b > > at com/citrix/client/io/net/ip/x.c > > at com/citrix/client/io/net/ip/x.a > > at com/citrix/client/io/net/ip/x.connect > > at com/citrix/client/io/net/ip/v.<init> > > at com/citrix/client/io/net/ip/v.<init> > > at com/citrix/client/module/td/tcp/TCPTransportDriver.q > > at com/citrix/client/module/td/TransportDriver.run > >=3D20 > > I have already opened a call at citrix, but we already seem to have > > checked > > everything. > >=3D20 > > - Root and server Certs are installed on both CSG and NFUSE > >=3D20 > > and remember, it works perfectly with local ica-clients. That is = =3D > realy > > crazy > > ! > > Is their perhaps a known issue with certificates from Globalsign ? > >=3D20 > > I am wishufully waiting on some genious ideas !!! > >=3D20 > >=3D20 > > Ciao, Daniel > >=3D20 > > dschoppmann@xxxxxx > > http://www.schoppmann.com/ > >=3D20 > > Meer=3DE4ckerstr. 24 > > 68163 Mannheim > >=3D20 > > home: 0621/8191407 > > mobil:0172/6395617 > >=3D20 > > ***********************************************=3D20 > > This Weeks Sponsor: WM Software > > WMS Messenger for TSE > > Affordable Instant Messaging for Terminal Servers > > http://www.wmsoftware.com/wmsm/ > > ************************************************ > > For Archives, to Unsubscribe, Subscribe or=3D20 > > set Digest or Vacation mode use the below link. > >=3D20 > > http://thethin.net/citrixlist.cfm > >=3D20 > *********************************************** > This Weeks Sponsor: WM Software > WMS Messenger for TSE > Affordable Instant Messaging for Terminal Servers > http://www.wmsoftware.com/wmsm/ > ************************************************ > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link. >=20 > http://thethin.net/citrixlist.cfm >=20 > ***********************************************=20 > This Weeks Sponsor: WM Software > WMS Messenger for TSE > Affordable Instant Messaging for Terminal Servers > http://www.wmsoftware.com/wmsm/ > ************************************************ > For Archives, to Unsubscribe, Subscribe or=20 > set Digest or Vacation mode use the below link. >=20 > http://thethin.net/citrixlist.cfm >=20 *********************************************** This Weeks Sponsor: WM Software WMS Messenger for TSE Affordable Instant Messaging for Terminal Servers http://www.wmsoftware.com/wmsm/ ************************************************ For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm