njcuwebsupport


Problem: Website SSL/TLS issue causing "Internet Explorer cannot display the webpage." to be displayed.


Certificates were just updated causing users that run IE6 and higher versions that don't have TLS checked off under Advanced Settings to display "Internet Explorer cannot display the webpage."

Since this isn't a 404 error, by which I could normally change the error message, this message is being displayed by the user's browser.

My question is .. when the user doesn't have the option for TLS checked off inside of IE .. how can I deliver a custom message to the user.  

We are running Oracle's WEBLOGIC on our server, not IIS.

How can I do this?

Gary
arnold

This is an issue with the configuration of the server, i.e. it does not support negotiating with the browser on a common scheme.
I.e. you only require TLS v2 etc. You need to make sure your application server supports SSL as well as TLS.
http://hosteddocs.ittoolbox.com/NA2.5.07.pdf for version 8.1 as an example.
njcuwebsupport

ASKER

Arnold,

This is a very serious issue for us.  Would you be able and willing to possibly give me a call (or I can call you) or we can chat over Skype TOMORROW (during the day, Eastern Standard Time).  I would sincerely appreciate your help if you would be willing to help explain this further.  I'm a bit confused and would like to possibly have one of our network people be involved when we chat.  Would you be open to this?

Thanks,
Gary
The problem (in a bit more detail) is that our users .. when they go to a page that uses https (on the WebLogic server) is displaying that "Internet Explorer cannot display the webpage."  We desperately need to figure out how to correct this so users that are using browsers that do not have the TLS checked in their browser configuration .. will either get some other message other than that the page can't be displayed, etc.  Please let me know if you would be willing to chat with me about this tomorrow.

And, have you ever run into this issue before?

:-) Gary
Gary,

My knowledge of WebLogic is limited.  

The error your users are getting is the friendly IE error and you do not have a way to alter the behavior of the browser used by the user or you would have enabled the TLS options through the same approach.

The way to fix this issue is to modify the configuration of your Weblogic server to allow for an SSL connection or provide a FAQ on your site dealing with connection/troubleshooting (can not be behind a secured 'https' connection) where the document will guide the user to their internet options/advanced/security settings where the user will need to locate and check the box next to the TLS 1 option. The other issue might be that the user is using an older browser IE 7, 6, 5.5, 5, etc.


The issue seems to be on your WebLogic server's configuration side such that it is only configured for TLS and does not fall back to SSL when an older browser or one that has TLS mode disabled tries to establish a connection.

I've included a link I found for WebLogic 8.1 to address an issue similar to yours i.e. how to enable SSL.

Your issue is somewhat like a person who can understand people talking English here, but having a very difficult time understanding the Queen's English or someone who has a heavy accent due to a foreign or regional speech pattern.

Which version of WebLogic do you have?  I could try to locate an example that may simplify the steps to correct the issue.
The below link deals with enabling SSL in weblogic 9.2
http://www.coderanch.com/t/421103/BEA-Weblogic/configure-SSL-WEBLOGIC-Server



 

 
arnold,

1.  I will try to get the version of Weblogic shortly and get back to you.  I'm guessing we might have a slightly older version of weblogic, but I'm not sure.  I'll find out and get back to you shortly.  If you can find information on a slightly older version, that would help.

2.  But when you said "The way to fix this issue is to modify the configuration of your Weblogic server to allow for an SSL connection or provide a FAQ on your site dealing with connection/troubleshooting" does this link you provided tell me how to maybe redirect a user to a different URL if the user doesn't have the TLS configured properly??  Can you tell me where in this document it tells me how to do this?

Thanks,
Gary
The URL is the same https://yourhost.yourdomain.com
The TLS/SSL is the type of encryption that the browser and the server negotiate.
TLS is based on SSL but TLS does not include a mechanism to fall back if TLS is not supported on the browser.  This is why both have to be enabled through a configuration on the server.
If you would provide the URL and only the URL, that may clear up things further.
Need to try to establish a connection while TLS is disabled to see whether the issue is that SSL mode is not enabled or there might be other issues that prevent the SSL mode connections.
The discussion deals with going into:
http://www.coderanch.com/t/421103/BEA-Weblogic/configure-SSL-WEBLOGIC-Server
The last comment by Vijay:
"
posted Monday, November 03, 2008 11:15 AM
Yes, you can do that when you're creating the DOMAIN using weblogic-configuration wizard.
If not, login to AdminConsole - select the Server then go to properties of General tab there you need to select LOCK&EDIT option then enable SSL and you can even configure the port as well.
"

From: http://download.oracle.com/docs/cd/E13222_01/wls/docs92/secmanage/ssl.html

"Specifying the Version of the SSL Protocol

WebLogic Server supports both the SSL V3.0 and TLS V1.0 protocols. When WebLogic Server is acting as an SSL server, the protocol that the client specifies as preferred in its client hello message. When WebLogic Server is acting as an SSL client, it specifies TLS1.0 as the preferred protocol in its SSL V2.0 client hello message, but can use SSL V3.0 as well, if that is the highest version that the SSL server on the other end supports. The peer must respond with an SSL V3.0 or TLS V1.0 message or the SSL connection is dropped.

While in most cases the SSL V3.0 protocol is acceptable some circumstances (compatibility, SSL performance, and environments with maximum security requirements) make the TLS V1.0 protocol more desirable. The weblogic.security.SSL.protocolVersion command-line argument lets you specify which protocol is used for SSL connections.
Note: 	The SSL V3.0 and TLS V1.0 protocols can not be interchanged. Only use the TLS V1.0 protocol if you are certain all desired SSL clients are capable of using the protocol.

The following command-line argument can be specified so that WebLogic Server supports only SSL V3.0 or TLS V1.0 connections:

    * -Dweblogic.security.SSL.protocolVersion=SSL3—Only SSL V3.0 messages are sent and accepted.
    * -Dweblogic.security.SSL.protocolVersion=TLS1—Only TLS V1.0 messages are sent and accepted.
    * -Dweblogic.security.SSL.protocolVersion=ALL—This is the default behavior.
"


Note:  We are running Weblogic v8.1  (let me know if and what difference this may make)
The issue is with your weblogic server configuration which seems to be set to only negotiate a TLS connection.

IE does not provide descriptive errors that could lead to a solution, Mozilla Firefox does:
After disabling the TLS option as a valid secure mode/encryption:
"Secure Connection Failed

An error occurred during a connection to gothicnet.njcu.edu.

Peer reports incompatible or unsupported protocol version.

(Error code: ssl_error_protocol_version_alert)
    *   The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

    *   Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
"
 
So ... once again (and I apologize) .. so for IE (as well as Firefox) .. what can I do to present a custom message or redirect the users affected by this to a different URL?

What can be done and how?  And .. again, we're on Weblogic version 8.1

If you can simply provide me with exactly what needs to be done, that would be appreciated.

Gary

PS:  Thank you.

ASKER CERTIFIED SOLUTION
arnold
Thank you very much.  I have passed this information to our network people.  If you don't mind, I may (but hopefully not) be back for any last and final follow up questions.  But thank you for all of your help and information.
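
Added example (not part of the original thread, and not WebLogic or Oracle code): the Firefox error quoted earlier in this thread corresponds to a TLS `protocol_version` alert sent by the server. The sketch below offers the server exactly one protocol version in a ClientHello and reports whether it is accepted or answered with that alert; the function names, the two offered cipher suites and the sample bytes are constructed for illustration.

```python
import socket
import struct

# TLS record content types and the alert descriptions relevant to this thread.
ALERT, HANDSHAKE = 21, 22
ALERTS = {40: "handshake_failure", 70: "protocol_version"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# Constructed sample: fatal alert record carrying description 70 (protocol_version).
SAMPLE_ALERT = bytes.fromhex("15030100020246")

def client_hello(version):
    """Minimal ClientHello offering exactly one protocol version, e.g. (3, 0)."""
    ciphers = struct.pack(">HH", 0x002F, 0x000A)  # RSA/AES128-CBC-SHA, RSA/3DES-CBC-SHA
    body = bytes(version) + bytes(32)              # client version + random (zeros: diagnostic only)
    body += b"\x00"                                # empty session id
    body += struct.pack(">H", len(ciphers)) + ciphers
    body += b"\x01\x00"                            # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + bytes(version) + struct.pack(">H", len(hs)) + hs

def classify(reply):
    """Interpret the first record the server sends back."""
    if len(reply) < 5:
        return "no reply (connection closed or reset)"
    ctype, length = reply[0], struct.unpack(">H", reply[3:5])[0]
    payload = reply[5:5 + length]
    if ctype == ALERT and len(payload) >= 2:
        return "alert: " + ALERTS.get(payload[1], "code %d" % payload[1])
    if ctype == HANDSHAKE and len(payload) >= 6 and payload[0] == 2:  # ServerHello
        chosen = (payload[4], payload[5])
        return "accepted: " + VERSIONS.get(chosen, "version %d.%d" % chosen)
    return "unexpected record type %d" % ctype

def probe(host, port, version, timeout=5.0):
    """Send one ClientHello to host:port and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello(version))
        try:
            return classify(s.recv(4096))
        except (socket.timeout, ConnectionResetError):
            return "no reply (connection closed or reset)"

if __name__ == "__main__":
    print(classify(SAMPLE_ALERT))
```

Running `probe(host, 443, (3, 0))` and `probe(host, 443, (3, 1))` against your own server shows which of the two versions discussed here it will negotiate.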