Configure HFM environment with SSL

Similar Messages

• Has any one configured Tomcat 4. with SSL?

  Has any one configured Tomcat 4. with SSL?
  Please I am getting a problem with this.
  When I say $tomcat_home/bin>startup,it starts up fine.
  When I change to the server.xml to point out to the server
  ceritificate I have created using the keytool,and again say
  startup,it disappears.
  Here is the extract of my server.xml
  Can some one please help as to what i am missing?
  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8443" minProcessors="5" maxProcessors="75"
  enableLookups="true"
       acceptCount="100" debug="0" scheme="https" secure="true"
  useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
  keystoreFile="C:/AHTTPS_UrlConnect/.keystore"
  keystorePass="changeit"
  clientAuth="false" protocol="TLS" />
  </Connector>

  this works for me
  <!-- unedited part below for ssl 21/7 -->
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
  port="8443" minProcessors="5" maxProcessors="200"
  enableLookups="false"
  acceptCount="10" connectionTimeout="60000" debug="0"
  scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
  clientAuth="false" keystoreFile="c:\jwsdp-1_0-ea2\tomcat_keystore\tomcatks" keystorePass="tomcat" protocol="TLS"/>
  </Connector>
  <!-- unedited part above 21/7 -->

• SSRS configuration in multi server environment with SSL

  Hi
  I have read numerous articles on configuration of Reporting Services in SharePoint integrated mode but not able to figure out if I'm missing something.
  Environment description
  SharePoint Enterprise 2010
  2 web servers, 2 app servers, 1 DB server.
  Authentication is custom claims (not windows claims)
  Since SSRS does not work in Custom Claims (confirmed by MS in ticket), we extended the webapplication. The URLs are
  https://actualurl (custom claims)
  https://EWAURL (Windows NT and Extended Web Application)
  Reporting Services Add-In has been installed on 2 web and 2 app servers.
  Reporting Services is running on app01 server. When we access
  http://app01/reportserver we get list of site collections. However when we try to create a new Report Source in
  https://EWAURL we get exception. Exception has both certificate error and SSRS SOAP exception. SSRS URL is not SSL enabled.
   My question is:
  Does SSRS work when it is running only on one app server? Or do I need to install reporting services on all app and web servers and then configure them to the app01 Reporting DB?
  Due to limitations we are trying to use one app server as reporting server. 

  My apologies
  I thought I was creating this in SharePoint 2010 -  Setup, Upgrade, Administration and Operations.
  @Admin/Moderator: could you please change this to the correct forum

• Issue in setting flex app in load balanced environment using SSL

  I have developed the dashboard in my application using flex 3.0. For this I have used JSP wrapper around the flex application. My application runs on JBoss application server. for communication between flex app and my application i am using LCDS. HTTPService component is being used to receive data from the server. Channel definitions are given in service-config.xml for amf and http channels and for both secure secure and not secure mode. In my proxy-config.xml i have defined Channels and destinations.
  services-config.xml
  <channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
      <endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
      <properties>
            <polling-enabled>false</polling-enabled>
      </properties>
  </channel-definition>
  <channel-definition id="my-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
      <endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
      <properties>
            <add-no-cache-headers>false</add-no-cache-headers>
      </properties>
  </channel-definition>
  <channel-definition id="my-http" class="mx.messaging.channels.HTTPChannel">
      <endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/http" class="flex.messaging.endpoints.HTTPEndpoint"/>
  </channel-definition>
  <channel-definition id="my-secure-http" class="mx.messaging.channels.SecureHTTPChannel">
      <endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/httpsecure" class="flex.messaging.endpoints.SecureHTTPEndpoint"/>
      <properties>
          <add-no-cache-headers>false</add-no-cache-headers>
      </properties>
  </channel-definition>
  proxy-config.xml
  <default-channels>
      <channel ref="my-http"/>
      <channel ref="my-amf"/>
      <channel ref="my-secure-http"/>
      <channel ref="my-secure-amf"/>
  </default-channels>
  <destination id="dashboardService">
      <properties>
  <url>/kr/servlet/DashboardServlet</url>
      </properties>
  </destination>
  <destination id="dashboardJSPService">
      <properties>
  <url>/kr/krportal/dashboardJSPService.jsf</url>
      </properties>
  </destination>
  In my development environment both secure and non secure mode were working fine. Now when I have deployed it behind the load balancer(which accepts secure requests only and if the request is not secure it redirects it to secure url) there is no response from the message broker servlet. One thing more I have observed is when the environment is non load balanced there are request like 'http://{server.name}:{server.port}/{context.root}/messagebroker/http'. and these requests are post request. But in load balanced environment with ssl the request is again like 'http://{server.name}:{server.port}/{context.root}/messagebroker/http' which is a post request and it is redirected to 'https://{server.name}:{server.port}/{context.root}/messagebroker/http' which is a get request. The content returned by this get request is null.
  Looking for some comments
  Thanks
  Abhishek Gupta

  if the load balancing environment is already well configured, thes rest is very easy, there is no difference between a configuration of load balancing environment and a simple one, for you that is transparent, except the manual deployment and manual copying
  of files in the directory 15

• Application Server 10g installation with SSL

  Hello,
  I'm planning to install the new 10g application server on a Red Hat Linux. I need the infrastructure and the middle tier components to work on SSL. Anybody has installed and configured the 10g with SSL? Is it as difficult and time consuming as in the 9iASR2? Is there any guide to do that?
  thanks.

  Pls refer to "Oracle Application Server 10g Administrator's Guide", Chapter 1.6 for more information on how to configure in SSL mode. By default SSL us not configured in 10g.

• SSL-Problems when setting up a test environment with Exchange

  Hello everyone,
  I am trying to set up a test environment with Exchange 2013 to learn how the stuff works. However, I am facing some problems due to the fact that Exchange is designed for use with SSL certificates. The main thing that makes problems is the connection with
  RPC over HTTP. I've used the MS remote connectivity analyzer to find out why it is not working and as I thought it is because of a missing SSL certificate (it seems the self signed doesn't work here). Now in order to get this working I just bought a certificate
  for "mydomain.com". Now here is the first problem: This certificate is NOT a wildcard certificate. So if I understood correctly it works for mydomain.com but it won't work for subdomain.mydomain.com. Is this correct? (First question)
  If this is correct I will probably another problem: As I said this is a learning-environment so the server is at home behind a router. This means: Only one WAN-IP. I think could get this working by forwarding everything to the Exchange Server (like mydomain.com
  goes to the WAN-IP where the router is forwarding everything like port 25 or 443 directly to the exchange Server). This way I wouldn't have any problems I think: mydomain.com has a valid SSL cert, it resolves to my WAN-IP which forwards everything to the internal
  Exchange Server. Now here is the problem: I plan to setup a SharePoint Server as well. I thought about using ARR (IIS) to make both available behind the same WAN-IP without using ports inside the url. Ideally the Exchange Server should then be available via
  "mail.mydomain.com". This will work fine with ARR but then I probably have SSL problems again? (second question)
  Do you have any ideas what I can do to solve such problems? Should I buy another certificate for mail.mydomain.com? But then I would need to buy several certificates (e.g. for autodiscover.mydomain.com to get this working as well). This can become very expensive...
  Thanks!
  Regards
  Christian

  Hi,
  For your first question, if there is a single certificate just for “mydomain.com”, it cannot work for subdomain.mydomain.com.
  Generally, antodiscover.domain.com is used to access the autodiscover service for external users. If you just need test users to access Exchange server from internal environment, it is not necessary to get a certificate for autodiscover.domain.com.
  Therefore, for your second question what I can ensure is that if all URLs that used to connect Exchange from internal and external are configured to mail.mydomain.com with all services(IIS,SMTP,POP,IMAP), there will be no certificate problems in Exchange
  side.
  Best Regards,
  Winnie Liang
  TechNet Community Support

• How to configure sso with SSL step by step

  Purpose
  In this document, you can learn how to configure SSO with SSL. After user have certificate installed in browser, he can login without input username and password.
  Overview
  In this document we will demonstrate:
  1.     How to configure OHS support SSL
  2.     How to Register SSO with SSL
  3.     Configure SSO for certificates
  Prerequisites
  Before start this document, you should have:
  1.     Oracle AS 10g infrastructure installed (10.1.2)
  2.     OCA installed
  Note:
  1.     “When you install Oracle infrastructure, please make sure you have select OCA.
  2.     How Certificate-Enabled Authentication Works:
  a.     The user tries to access a partner application.
  b.     The partner application redirects the user to the single sign-on server for authentication. As part of this redirection, the browser sends the user's certificate to the login URL of the server (2a). If it is able to verify the certificate, the server returns the user to the requested application.
  c.     The application delivers content. Users whose browsers are configured to prompt for a certificate-store password may only have to present this password once, depending upon how their browser is configured. If they log out and then attempt to access a partner application, the browser passes their certificate to the single sign-on server automatically. This means that they never really log out. To effectively log out, they must close the browser.
  Enable SSL on the Single Sign-On Middle Tier
  The following steps involve configuring the Oracle HTTP Server. Perform them on the single sign-on middle tier. In doing so, keep the following in mind:
  l     You must configure SSL on the computer where the single sign-on middle tier is running.
  l     You are configuring one-way SSL.
  l     You may enable SSL for simple network encryption; PKI authentication is not required. Note though that you must use a valid wallet and server certificate. The default wallet location is ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default.
  1.     Back up the opmn.xml file, found at ORACLE_HOME/opmn/conf
  2.     In opmn.xml, change the value for the start-mode parameter to ssl-enabled. This parameter appears in boldface in the xml tag immediately following.
  <ias-component id="HTTP_Server">
  <process-type id="HTTP_Server" module-id="OHS">
  <module-data>
  <category id="start-parameters">
  <data id="start-mode" value="ssl-enabled"/>
  </category>
  </module-data>
  <process-set id="HTTP_Server" numprocs="1"/>
  </process-type>
  </ias-component>
  3.     Update the distributed cluster management database with the change: ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct opmn
  4.     Reload the modified opmn configuration file:
  ORACLE_HOME/opmn/bin/opmnctl reload
  5.     Keep a non-SSL port active. The External Applications portlet communicates with the single sign-on server over a non-SSL port. The HTTP port is enabled by default. If you have not disabled the port, this step requires no action.
  6.     Apply the rule mod_rewrite to SSL configuration. This step involves modifying the ssl.conf file on the middle-tier computer. The file is at ORACLE_HOME/Apache/Apache/conf. Back up the file before editing it.
  Because the Oracle HTTP Server has to be available over both HTTP and HTTPS, the SSL host must be configured as a virtual host. Add the lines that follow to the SSL Virtual Hosts section of ssl.conf if they are not already there. These lines ensure that the single sign-on login module in OC4J_SECURITY is invoked when a user logs in to the SSL host.
  <VirtualHost ssl_host:port>
  RewriteEngine on
  RewriteOptions inherit
  </VirtualHost>
  Save and close the file.
  7.     Update the distributed cluster management database with the changes:
  ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct ohs
  8.     Restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl startproc process-type=HTTP_Server
  9.     Verify that you have enabled the single sign-on middle tier for SSL by trying to access the OracleAS welcome page, using the format https://host:ssl_port.
  Reconfigure the Identity Management Infrastructure Database
  Change all references of http in single sign-on URLs to https within the identity management infrastructure database. When you change single sign-on URLs in the database, you must also change these URLs in the targets.xml file on the single sign-on middle tier. targets.xml is the configuration file for the various "targets" that Oracle Enterprise Manager monitors. One of these targets is OracleAS Single Sign-On.
  1.     Change Single Sign-On URLs
  Run the ssocfg script, taking care to enter the command on the computer where the single sign-on middle tier is located. Use the following syntax:
  UNIX:
  $ORACLE_HOME/sso/bin/ssocfg.sh protocol host ssl_port
  Windows:
  %ORACLE_HOME%\sso\bin\ssocfg.bat protocol host ssl_port
  In this case, protocol is https. (To change back to HTTP, use http.) The parameter host is the host name, or server name, of the Oracle HTTP listener for the single sign-on server.
  Here is an example:
  ssocfg.sh https login.acme.com 4443
  2. Restart OC4J_SECURITY instance and verify the configuration
  To determine the correct port number, examine the ssl.conf file. Port 4443 is the port number that the OracleAS installer assigns during installation.
  If you run ssocfg successfully, the script returns a status 0. To confirm that you were successful, restart the OC4J_SECURITY instance:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Then try logging in to the single sign-on server at its SSL address:
  https://host:ssl_port/pls/orasso/
       3. Back up the file targets.xml:
  cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.backup
  4. Open the file and find the target type oracle_sso_server. Within this target type, locate and edit the three attributes that you passed to ssocfg:
  ·     HTTPMachine—the server host name
  ·     HTTPPort—the server port number
  ·     HTTPProtocol—the server protocol
  If, for example, you run ssocfg like this:
  ORACLE_HOME/sso/bin/ssocfg.sh http sso.mydomain.com:4443
  Update the three attributes this way:
  <Property NAME="HTTPMachine" VALUE="sso.mydomain.com"/>
  <Property NAME="HTTPPort" VALUE="4443"/>
  <Property NAME="HTTPProtocol" VALUE="HTTPS"/>
  5.Save and close the file.
  6.     Reload the OracleAS console:
       ORACLE_HOME/bin/emctl reload
  7. Issue these two commands:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Registering mod_osso
  1.     This command sequence that follows shows a mod_osso instance being reregistered with the single sign-on server.
  $ORACLE_HOME/sso/bin/ssoreg.sh
       -oracle_home_path $ORACLE_HOME
       -config_mod_osso TRUE
       -mod_osso_url https://myhost.mydomain.com:4443
  2.     Restarting the Oracle HTTP Server
  After running ssoreg, restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  Configuring the Single Sign-On System for Certificates
  1.     Configure policy.properties with the Default Authentication Plugin
  Update the DefaultAuthLevel section of the policy.properties file with the correct authentication level for certificate sign-on. This file is at ORACLE_HOME/sso/conf. Set the default authentication level to this value:
  DefaultAuthLevel = MediumHighSecurity
  Then, in the Authentication plugins section, pair this authentication level with the default authentication plugin:
  MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
  2.     Restart the Single Sign-On Middle Tier
  After configuring the server, restart the middle tier:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Bringing the SSO Users to OCA User Certificate Request URL
  The OCA server reduces the administrative and maintenance cost of provisioning a user certificate. The OCA server achieves this by authenticating users by using OracleAS SSO server authentication. All users who have an Oracle AS SSO server account can directly get a certificate by using the OCA user interface. This reduces the time normoally requidred to provision a certificate by a certificate authority.
  The URL for the SSO certificate Request is:
  https://<Oracle_HTTP_host>:<oca_ssl_port>/oca/sso_oca_link
  You can configure OCA to provide the user certificate request interface URL to SSO server for display whenever SSO is not using a sertificate to authenticate a user. After the OracleAS SSO server authenticates a user, it then display the OCA screen enabling that user to request a certificate.
  To link the OCA server to OracleAS SSO server, use the following command:
  ocactl linksso
  opmnctl stoproc type=oc4j instancename=oca
  opmnctl startproc type=oc4j instancename=oca
  You also can use ocactl unlinksso to unlink the OCA to SSO.

  I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
  The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
  on a URL that looks like this :
  http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  and gives the error :
  ( Forbidden
  You don't have permisission to access /sso/auth on this server at port 7777)
  when I manually change the URL to :
  https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  the SSO works correctly.
  The question is :
  How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
  Any ideas ?
  Thanks in advance

• Configure Sun Directory Server 6.3 with SSL in OIM 9.1.0.2

  Hi,
  I am using OIM 9.1.0.2. i want to Provision User to Directory Server 6.3 with SSL confiuration
  Can anyone tell me the steps for configuring the Certificate import, etc..
  followed SJSDS_904120 doc but there is no info for DSEE 6.3 in it.
  Regards,
  Praveen
  Edited by: Praveen on Feb 16, 2012 9:08 PM

  Well not sure about the exact clicks you need to do but the basic steps are that you export certificates from DS and then import it into the jdk which has OIM running. Look at the doc for SJDS6.3 about setting and exporting certs.
  -Bikash

• Configuring JMS and loadbalancer with SSL termination? Has Anyone done it?

  Hi all,
  I'm having a problem getting JMS or even any JNDI lookup to work with a hardware load balancer and SSL termination. Has anyone used such a configuration? The load balancer in question is a Cisco CSS 11500 Series which has an SSL module. A client communicates with the CSS over SSL, the SSL module decrypts the packets and sends it for content switching and on to WebLogic as cleartext.
  Without SSL termination everthing works fine. With SSL termination active, Web service and web content all work fine, but I can't get SSL tGetting Initial context from ms01
  <29-Sep-2006 16:07:22 o'clock IST> <Debug> <TLS> <000000> <SSL/Domestic license found>
  <29-Sep-2006 16:07:22 o'clock IST> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
  <29-Sep-2006 16:07:23 o'clock IST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
  <29-Sep-2006 16:07:23 o'clock IST> <Debug> <TLS> <000000> <Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeyS
  ore.keystore>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 886220>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> < cert[0] = [
  Version: V3
  Subject: EMAILADDRESS="[email protected] ", CN=10.51.0.200, OU=Web Administration, O=Revenue Commissioners, L=Dublin, ST=Dublin,
  =IE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  a8f60248 b87c5860 229b9044 a666a9ae 27eb488c 424d9e67 e7b9d6d0 c292f081
  cfa76c04 f3d89b28 1bf544f9 5de2b66d 576ebeca 5dc5ca8a fceead9a 52e2ce6c
  2b91afef e4da5071 49b8784c 12d7f5f3 99f76482 79efe1d8 0a24f664 4c8d6e9e
  b0bc63be 1faf8319 eeb23e8a 019b65b2 59dd086d 1b714d4c 01618804 66f416bb
  Validity: [From: Fri Sep 08 11:44:28 BST 2006,
                 To: Mon Sep 05 11:44:28 BST 2016]
  Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
  SerialNumber: [    0131]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
  0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
  0020: 65 e
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 0E 6E 72 2E B1 3B B6 A3 59 79 5A C5 41 26 B7 B6 .nr..;..YyZ.A&..
  0010: A2 39 4C 73 .9Ls
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
  0010: AA 97 05 0D ....
  [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
  SerialNumber: [    00]
  [4]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [MD5withRSA]
  Signature:
  0000: 2C A0 0C 34 4E 0D CA 24 A5 C3 03 3A 71 A1 2D D3 ,..4N..$...:q.-.
  0010: 65 A2 FA EF C1 5D D4 4A 28 8C 1A 70 5F 92 73 5E e....].J(..p_.s^
  0020: 7B 13 D4 AE 36 A8 86 EA 60 7F A5 E3 86 6E 84 1F ....6...`....n..
  0030: 5E 5F 30 06 B4 AA 2E 5C A7 65 74 32 09 0A 91 14 ^_0....\.et2....
  ]>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> < cert[1] = [
  Version: V3
  Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
  53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
  Validity: [From: Mon May 31 15:22:15 BST 2004,
                 To: Thu May 29 15:22:15 BST 2014]
  Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
  SerialNumber: [    00]
  Certificate Extensions: 3
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
  0010: AA 97 05 0D ....
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
  0010: AA 97 05 0D ....
  [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
  SerialNumber: [    00]
  [3]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [MD5withRSA]
  Signature:
  0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 <d....H.pt...,.s
  0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
  0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
  0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....
  ]>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
  <29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <Performing hostname validation checks: 10.51.0.200>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 134>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received CHANGE_CIPHER_SPEC>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 272>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3445873 read(offset=0, length=2048)>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3941240 received APPLICATION_DATA: databufferLen 0, contentLength 372>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read databufferLen 372>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read A returns 372>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 339>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read(offset=372, length=1676)>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 6771926>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 93>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received HANDSHAKE>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received CHANGE_CIPHER_SPEC>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received HANDSHAKE>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 402>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 1707>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read(offset=0, length=2048)>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received APPLICATION_DATA: databufferLen 0, contentLength 174>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read databufferLen 174>
  <29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read A returns 174>
  <29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
  java.lang.Exception: New alert stack
  at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
  at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
  at weblogic.net.http.HttpClient.closeServer(HttpClient.java:466)
  at weblogic.net.http.KeepAliveCache$1.run(KeepAliveCache.java:120)
  at java.util.TimerThread.mainLoop(Unknown Source)
  at java.util.TimerThread.run(Unknown Source)
  >
  <29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <avalable(): 23328673 : 0 + 0 = 0>
  <29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
  <29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 6771926>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3941240 received APPLICATION_DATA: databufferLen 0, contentLength 98>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3445873 read databufferLen 98>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3445873 read A returns 98>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 8406772>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 93>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received HANDSHAKE>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received CHANGE_CIPHER_SPEC>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received HANDSHAKE>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 339>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <5618579 read(offset=0, length=2048)>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  Exception in thread "main" javax.naming.CommunicationException [Root exception is java.net.ConnectException: https://10.51.0.200:8143: Boot
  trap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or timed out]
  at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:47)
  at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:636)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:306)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:239)
  at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
  at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
  at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
  at javax.naming.InitialContext.init(Unknown Source)
  at javax.naming.InitialContext.<init>(Unknown Source)
  at TestAllManagedServers.main(TestAllManagedServers.java:54)
  Caused by: java.net.ConnectException: https://10.51.0.200:8143: Bootstrap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or t
  med out
  at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:200)
  at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)
  ... 7 more
  o work for a simple JNDI lookup. With SSL debugging turned on, the following output is given:
  When I compare the Server HTTP logs I see that an initial context lookup involves 3 HTTP requests, e.g.
  25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A&r
  and=3018901804201457976&AS=255&HL=19 HTTP/1.1" 200 17
  25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=7332722597180897050 HTTP/1
  .1" 200 2341
  25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0&rand=3415396992694182025 HTTP/
  1.1" 200 17
  When my request goes through the load balancer I see the following in the HTTP logs:
  10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A&
  rand=8279752507152372405&AS=255&HL=19 HTTP/1.1" 200 17
  10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0&rand=1051450669479197885 HTTP
  /1.1" 200 17
  10.51.0.200 - - [29/Sep/2006:16:32:28 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=6035654607615870287 HTTP/
  1.1" 200 5
  10.51.0.200 - - [29/Sep/2006:16:33:13 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=8245112057388607005 HTTP/
  1.1" 200 5
  Notice the time delay in some of the messages.
  The following error appears in the WebLogic server log, however I've verified that all IP addresses referenced by the load balancer configuration match those in the WebLogic configuration:
  <29-Sep-2006 16:31:43 o'clock IST> <Error> <RJVM> <BEA-000572> <The server rejected a connection attempt JVMMessage from: '266014296
  868812899C:25.2.1.210R:2462711729186814398S:10.51.0.2:[8113,8113,8114,8114,8113,8114,-1,0,0]:10.51.0.1:8103,10.51.0.1:8105,10.51.0.1
  :8107,10.51.0.2:8109,10.51.0.2:8111,10.51.0.2:8113:risIntCluster01:ms06' to: '0S:10.51.0.200:[-1,-1,-1,8143,-1,-1,-1,-1,-1]' cmd: 'C
  MD_IDENTIFY_REQUEST', QOS: '102', responseId: '0', invokableId: '0', flags: 'JVMIDs Sent, TX Context Not Sent', abbrev offset: '228'
  probably due to an incorrect firewall configuration or admin command.>
  When a JNDI lookup is made directly to a WebLogic server on the https port, the client gives the following output:
  Getting Initial context from ms01
  <29-Sep-2006 16:29:22 o'clock IST> <Debug> <TLS> <000000> <SSL/Domestic license found>
  <29-Sep-2006 16:29:22 o'clock IST> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
  <29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
  <29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeySt
  ore.keystore>
  <29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
  <29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 7860099>
  <29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> < cert[0] = [
  Version: V3
  Subject: CN=10.52.0.3, OU=Revenue Integration Server, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  ac47cae5 45e55fe4 8ec06362 84aab923 af35d7f1 8b7e8aaa 32772d8a d8185106
  0ba91363 07162207 6eaa33b4 db8a3fbb 1e228e93 841ff322 e319242a 04ae7447
  Validity: [From: Mon May 31 16:45:21 BST 2004,
                 To: Thu May 29 16:45:21 BST 2014]
  Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
  SerialNumber: [    05]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
  0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
  0020: 65 e
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: D7 B3 92 7B C7 4E 2F 5D F3 97 CB 3B F9 FB 0A 1E .....N/]...;....
  0010: 97 C5 DD F1 ....
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
  0010: AA 97 05 0D ....
  [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
  SerialNumber: [    00]
  [4]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [MD5withRSA]
  Signature:
  0000: 57 B6 54 4E 1A 54 91 66 5C A8 FE AF B6 50 AB 23 W.TN.T.f\....P.#
  0010: 6A 32 42 77 06 44 D5 7D 40 81 E4 DD 84 E3 7B 55 [email protected]
  0020: 96 A6 BC E9 E9 51 96 B9 E4 01 56 F9 41 B7 0C C3 .....Q....V.A...
  0030: 0A 92 C0 17 6E 6B 9D D6 9A 87 6D 6E 15 5A 86 F4 ....nk....mn.Z..
  ]>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> < cert[1] = [
  Version: V3
  Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
  53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
  Validity: [From: Mon May 31 15:22:15 BST 2004,
                 To: Thu May 29 15:22:15 BST 2014]
  Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
  SerialNumber: [    00]
  Certificate Extensions: 3
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
  0010: AA 97 05 0D ....
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
  0010: AA 97 05 0D ....
  [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
  SerialNumber: [    00]
  [3]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [MD5withRSA]
  Signature:
  0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 <d....H.pt...,.s
  0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
  0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
  0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....
  ]>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
  <29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <Performing hostname validation checks: 10.51.0.1>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 70>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received CHANGE_CIPHER_SPEC>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 270>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <30340343 read(offset=0, length=2048)>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
  <29-Sep-2006 16:29:28 o'clock IST> <Debug> <TL

  You will need an AAM set with the internal (http) address.
  http://blogs.msdn.com/b/ajithas/archive/2009/09/11/alternate-access-mapping-in-reverse-proxy-configuration.aspx
  Dimitri Ayrapetov (MCSE: SharePoint)

• How to configure OC4J using RMI/IIOP with SSL

  Any help?
  I just mange configure the OC4J using RMI/IIOP but base on
  But when I follow further to use RMI/IIOP with SSL I face the problem with: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  p/s: I use self generate keystore which should be ok as I can use it for https connection.
  Any one can help?
  Below is the OC4J log:
  D:\oc4j\j2ee\home>java -Djavax.net.debug=all -DGenerateIIOP=true -Diiop.runtime.debug=true -jar oc4j.jar
  05/02/23 16:43:16 ================ IIOPServerExtensionProvider.preInitApplicationServer
  05/02/23 16:43:38 ================= IIOPServerExtensionProvider.postInitApplicationServer
  05/02/23 16:43:38 ================== config = {SEPS={IIOP={ssl-port=5556, port=5555, ssl=true, trusted-clients=*, ssl-client-server-auth-port=5557, keystore=D:\\oc4j\\j2ee\\home\\server.keystore, keystore-password=123456, truststore=D:\\oc4j\\j2ee\\home\\server.keystore, truststore-password=123456, ClassName=com.oracle.iiop.server.IIOPServerExtensionProvider, host=localhost}}}
  05/02/23 16:43:38 ================== server.getAttributes() = {threadPool=com.evermind.server.ApplicationServerThreadPool@968fda}
  05/02/23 16:43:38 ================== pool: null
  05/02/23 16:43:38 ====================== In startServer ...
  05/02/23 16:43:38 ==================== Creating an IIOPServer ...
  05/02/23 16:43:38 ========= IIOP server being initialized
  05/02/23 16:43:38 SSL port: 5556
  05/02/23 16:43:38 SSL port 2: 5557
  05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(IIOP_CLEAR_TEXT, 5555, null)
  05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = IIOP_CLEAR_TEXT port = 5555 )
  05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL, 5556, null)
  05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL port = 5556 )
  05/02/23 16:43:45 ***
  05/02/23 16:43:45 found key for : mykey
  05/02/23 16:43:45 chain [0] = [
  Version: V1
  Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: SunJSSE RSA public key:
  public exponent:
  010001
  modulus:
  b1239fff 2ae5d31d b01a0cfb 1186bae0 bbc7ac41 94f24464 e92a7e33 6a5b0844
  109e30fb d24ad770 99b3ff86 bd96c705 56bf2e7a b3bb9d03 40fdcc0a c9bea9a1
  c21395a4 37d8b2ce ff00eb64 e22a6dd6 97578f92 29627229 462ebfee 061c99a4
  1c69b3a0 aea6a95b 7ed3fd89 f829f17e a9362efe ccf8034a 0910989a a8573305
  Validity: [From: Wed Feb 23 15:57:28 SGT 2005,
                 To: Tue May 24 15:57:28 SGT 2005]
  Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  SerialNumber: [    421c3768]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 34 F4 FA D4 6F 23 7B 84 30 42 F3 5C 4B 5E 18 17 4...o#..0B.\K^..
  0010: 73 69 73 A6 BF 9A 5D C0 67 8D C3 56 DF A9 4A AC sis...].g..V..J.
  0020: 88 AF 24 28 C9 39 16 22 29 81 01 93 86 AA 1A 5D ..$(.9.")......]
  0030: 07 89 26 22 91 F0 8F DE E1 4A CF 17 9A 02 51 7D ..&".....J....Q.
  0040: 92 D3 6D 9B EF 5E C1 C6 66 F9 11 D4 EB 13 8F 17 ..m..^..f.......
  0050: E7 66 58 9F 6C B0 60 7C 39 B4 E0 B7 04 A7 7F A6 .fX.l.`.9.......
  0060: 4D A5 89 E7 F4 8A DC 59 B4 E7 A5 D4 0A 35 9A F1 M......Y.....5..
  0070: A2 CD 3A 04 D6 8F 16 B1 9E 6F 34 40 E8 C0 47 03 ..:[email protected].
  05/02/23 16:43:45 ***
  05/02/23 16:43:45 adding as trusted cert:
  05/02/23 16:43:45 Subject: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  05/02/23 16:43:45 Issuer: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3779
  05/02/23 16:43:45 Valid from Wed Feb 23 15:57:45 SGT 2005 until Tue May 24 15:57:45 SGT 2005
  05/02/23 16:43:45 adding as trusted cert:
  05/02/23 16:43:45 Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  05/02/23 16:43:45 Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3768
  05/02/23 16:43:45 Valid from Wed Feb 23 15:57:28 SGT 2005 until Tue May 24 15:57:28 SGT 2005
  05/02/23 16:43:45 trigger seeding of SecureRandom
  05/02/23 16:43:45 done seeding SecureRandom
  05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL_MUTUALAUTH, 5557, null)
  05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL_MUTUALAUTH port = 5557 )
  05/02/23 16:43:45 matching alias: mykey
  matching alias: mykey
  05/02/23 16:43:46 ORB created ..com.oracle.iiop.server.OC4JORB@65b738
  05/02/23 16:43:47 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
  05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
  05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc [email protected]7
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
  05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
  05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc com.sun.corba.ee.internal.corba.ServerDelegate@9300cc
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Entering dispatch method
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Consuming service contexts, GIOP version: 1.2
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Has code set context? false
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Dispatching to servant
  05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Handling invoke handler type servant
  05/02/23 16:43:48 NS service created and started ..org.omg.CosNaming._NamingContextExtStub:IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
  05/02/23 16:43:48 NS ior = ..IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
  05/02/23 16:43:48 Oracle Application Server Containers for J2EE 10g (9.0.4.0.0) initialized
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Server getConnection(119e583[Unknown 0x0:0x0: Socket[addr=/127.0.0.1,port=1281,localport=5556]], SSL)
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): host = 127.0.0.1 port = 1281
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Created connection Connection[type=SSL remote_host=127.0.0.1 remote_port=1281 state=ESTABLISHED]
  com.sun.corba.ee.internal.iiop.MessageMediator(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): Creating message from stream
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, SEND TLSv1 ALERT: fatal, description = unexpected_message
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, WRITE: TLSv1 Alert, length = 2
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeSocket()
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ReaderThread(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): IOException in createInputStream: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  05/02/23 16:45:14 javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.readFully(MessageBase.java:520)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.createFromStream(MessageBase.java:58)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.MessageMediator.processRequest(MessageMediator.java:110)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.IIOPConnection.processInput(IIOPConnection.java:339)
  05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.ReaderThread.run(ReaderThread.java:63)
  05/02/23 16:45:14 Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
  05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
  05/02/23 16:45:14 ... 6 more
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.IIOPConnection(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): purge_calls: starting: code = 1398079696 die = true
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
  05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
  05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): DeleteConn called: host = 127.0.0.1 port = 1281

  Good point, I do belive what you are referring to is this:
  Any client, whether running inside a server or not, has EJB security properties. Table 15-2 lists the EJB client security properties controlled by the ejb_sec.properties file. By default, OC4J searches for this file in the current directory when running as a client, or in ORACLE_HOME/j2ee/home/config when running in the server. You can specify the location of this file explicitly with the system property setting -Dejb_sec_properties_location=pathname.
  Table 15-2 EJB Client Security Properties
  Property Meaning
  # oc4j.iiop.keyStoreLoc
  The path and name of the keystore. An absolute path is recommended.
  # oc4j.iiop.keyStorePass
  The password for the keystore.
  # oc4j.iiop.trustStoreLoc
  The path name and name of the truststore. An absolute path is recommended.
  # oc4j.iiop.trustStorePass
  The password for the truststore.
  # oc4j.iiop.enable.clientauth
  Whether the client supports client-side authentication. If this property is set to true, you must specify a keystore location and password.
  # oc4j.iiop.ciphersuites
  Which cipher suites are to be enabled. The valid cipher suites are:
  TLS_RSA_WITH_RC4_128_MD5
  SSL_RSA_WITH_RC4_128_MD5
  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  TLS_RSA_EXPORT_WITH_RC4_40_MD5
  SSL_RSA_EXPORT_WITH_RC4_40_MD5
  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  nameservice.useSSL
  Whether to use SSL when making the initial connection to the server.
  client.sendpassword
  Whether to send user name and password in clear form (unencrypted) in the service context when not using SSL. If this property is set to true, the user name and password are sent only to servers listed in the trustedServer list.
  oc4j.iiop.trustedServers
  A list of servers that can be trusted to receive passwords sent in clear form. This has no effect if client.sendpassword is set to false. The list is comma-delimited. Each entry in the list can be an IP address, a host name, a host name pattern (for example, *.example.com), or * (where "*" alone means that all servers are trusted.

• How to configure BODS in network environment with NAT ?

  Hi Team,
  Now we are working on POC of BO Data Services 4.0 with SI partner and they reported us that  a communication error (error code:BODI-1241023) occurred when they started a job from Designer. 
  They can do it without any problems in the following two cases.
  1. from Designer which is installed in the CMS/JobServer machine
  2. from Designer which is installed in local PC within internal network (without firewall / NAT) 
  That is, the cause is Firewall with NAT(Network Address Translation) between Designer and JobServer/CMS.
  And, they can log on to CMS/JobServer with NAT environment, however, cann't start a job from Designer.
  The port #3500 for JobServer is open. They confirmed that they could log on to the JobServer in the event log
  of the JobServer.
  That is,  Designer -> CMS/JobServer communication is OK, but JobServer -> Designer communication must be NG.
  Could you advise us how to configure BODS both client and server sides in the network environment with NAT ?
  Thanks and best regards,

  HI Buddy,
  You can achieve this by $FLEX$, create first value set, and assign it to first field. Create second value set based on first value set using $FLEX$.
  follow steps mentioned in the bellow link
  http://erpschools.com/articles/usage-of-flex

• Configuring HFM 11.1.2 with sql2008 with multiple instances.

  Hello All,
  I have installed and configured HFM against an SQL 2008 server that has more than one DB instance. So, in order for me to successfully connect to the DB instance (say for example in a UDL), I first have to put the server name and the a “\instancename”. Unfortunately, it seems that the “\instancename” doesn’t seem to be saved in the conifg utility. If I rerun the config, only the server name shows in the config. I believe that this is causing me to not be able to register the HFM cluster with Shared Services. I look in the log files (specifically the HsvEventLog.log file) and I can see in there errors that state “SQL Server does not exist or access denied”. I know that I am a DBO on this DB and that this error is exactly the same error that I get in a UDL that does not have the “\instance” when I try to connect. When I go into Shared Services deployment artifacts for HFM, I can see that it is also not saving the “\instance” name in their either. I try to export/import with the “\instance” name added in and it fails upon import stating that the servername\instance host is unreachable or does not exist. So, all of this to ask is if there is a simple fix out there that already exist on how to configure HFM if the DB has multiple instances. Thank you in advance for any help or information that you are able to provide.

  I think you would need to file a support call for us to take a look. Something is amiss here. You have 2 OHS running. Are they on 2 different boxes using the same shared service? How are these 2 OHS controlled? Do you have a load balancer in front of it?
  Run the epmsys_registry.bat and look at the output. Search for CALC_LWA (LOGICAL_WEB_APP). Look at the children of that. How many CALC_WEBAPP do you see?
  Based on that I can tell if it is a problem with the configuration.
  In the meantime,
  If you can get to the exploded directory of CALC manager, (On my Windows box it is C:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\CalcMgr0\tmp\servers\CalcMgr0\tmp\_WL_user\CALC_11.1.2.0\qxf61x\war), edit CalcMgrConfig.properties under WEB-INF\conf
  Add the following line to the end:
  DATABASE_CACHE_CLUSTER=true
  Now save the file and REPEAT the same for the other instances of CALC manager.
  Now restart all CALC servers and see if the issue is resolved (just a temporary check to see if it working without any issues)
  -Sree Menon

• Configuring BI Publisher with BI Server on SSL

  I am trying to configure BI Publisher 10.1.3.4 with a BI Server that is configured in SSL.
  The options we have for appending the connection string are:
  <Property Name>:= <Catalog>|<User>|<Password>|<SSL>|<SSLKeyStoreFileName> |<SSLKeyStorePassword>|<TrustAnyServer>|<TrustStoreFileName >|<TrustStorePassword>|<LogLevel>|<LogFilePath>|<PrimaryCCS>|<PrimaryCCSPort>| <SecondaryCCS>|<SecondaryCCSPort>
  eg:ssl=true;sslKeystorefilename=<path and filename of keystore>;sslKeystorepassword=<password of keystore and key>;trustanyserver=true;
  How should we configure this if we do not have a keystore on BI Server with SSL.
  We only have a cacert.pem,server-req.pem,server-cert.pem,server-key.pem,serverpwd.txt and cacert.pem..

  We have got the solution for this issue.
  We need to generate a certificate thro a keytool with a Distinguished Name associated with it.
  Certifying it with self cert of keytool and import the certified certificate into the jave a keystore cacerts and modifying the web site that directs the url to the Publisher Application.
  Steps below:
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -genkey -keyalg RSA -keystore sslfile -storepass obiee123 -alias testalias5
  What is your first and last name?
  [Unknown]: shravan
  What is the name of your organizational unit?
  [Unknown]: unit
  What is the name of your organization?
  [Unknown]: Org
  What is the name of your City or Locality?
  [Unknown]: BU
  What is the name of your State or Province?
  [Unknown]: MA
  What is the two-letter country code for this unit?
  [Unknown]: US
  Is CN=shravan, OU=unit, O=Org, L=BU, ST=MA, C=US correct?
  [no]: yes
  Enter key password for <testalias>
  (RETURN if same as keystore password):
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -selfcert -keystore sslfile -storepass obiee123 -alias testalias
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -list -keystore sslfile -rfc
  Enter keystore password: obiee123
  Keystore type: jks
  Keystore provider: SUN
  Your keystore contains 1 entry
  Alias name: testalias
  Creation date: Dec 31, 2008
  Entry type: keyEntry
  Certificate chain length: 1
  Certificate[1]:
  -----BEGIN CERTIFICATE-----
  MIICMDCCAZkCBElbp/wwDQYJKoZIhvcNAQEEBQAwXzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1B
  MQswCQYDVQQHEwJCVTEUMBIGA1UEChMLT3JhY2xlIENvcnAxEDAOBgNVBAsTB1N1cHBvcnQxDjAM
  BgNVBAMTBUJpbmR1MB4XDTA4MTIzMTE3MTIyOFoXDTA5MDMzMTE3MTIyOFowXzELMAkGA1UEBhMC
  VVMxCzAJBgNVBAgTAk1BMQswCQYDVQQHEwJCVTEUMBIGA1UEChMLT3JhY2xlIENvcnAxEDAOBgNV
  BAsTB1N1cHBvcnQxDjAMBgNVBAMTBUJpbmR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL
  yBssKV4mneXMpvIJbAdlVUe2PkWTKYNjs52mEa6a05kbgUstvtL1OAMErycLZUwe4I0q/PKEKZ6K
  4e3AITnUugeHBIxki62DIZcMpHq5NgbqKuEFboBZJeRZgTy61aBfEWIclWpUi0BblXpUZCv0KYAV
  QgSVh71QDJJGyUjTgwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAHNnUcwia4abj5pJ97uPtbtiKB4b
  6Yx6G/RDf67jwThvvOHgYBo9ue+4s+VXAoNXp7NwFlLTvv0OopSq8IQvQyFy/cTpqYMT4In0t+u+
  0VaKXeL+sMwi3wRYI0RYbMy6NwxGLekjEHLaZa4IXoR8koD69TJLwXk92h48vnLI3YnB
  -----END CERTIFICATE-----
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -export -alias testalias -keystore sslfile -file myfile.crt
  Enter keystore password: obiee123
  Certificate stored in file <myfile6.crt>
  C:\OracleBI\oc4j_bi\j2ee\home\config>
  C:\Program Files\Java\jdk1.5.0_14\jre\lib\security>keytool -import -trustcacerts -alias testalias6 -file myfile6.crt -keystore cacerts -storetype JKS
  Enter keystore password: changeit
  Owner: CN=shravan, OU=unit, O=Org, L=BU, ST=MA, C=US
  Issuer: CN=shravan, OU=unit, O=Org, L=BU, ST=MA, C=US
  Serial number: 495ba7fc
  Valid from: Wed Dec 31 10:12:28 MST 2008 until: Tue Mar 31 11:12:28 MDT 2009
  Certificate fingerprints:
  MD5: 14:B5:82:73:8B:9F:DF:D5:8D:BF:69:A8:DC:AA:E1:43
  SHA1: 4E:8B:34:8D:76:BE:83:81:CF:3E:9F:5D:6C:C0:44:55:6B:58:71:81
  Trust this certificate? [no]: yes
  Certificate was added to keystore
  Also modify the web-site on j2ee/home/config and server.xml appropritately to access the site on https.
  secure-web-site shld be appended with : port=4443, protocol=http, secure="true"
  server.xml shld be added with this secure-web-site to make the app work on SSL...

• Problem in Blazeds with Jboss Clustering ( Mod_JK with SSL )

  Hi,
       We are running our flex application in jboss clustering environment with the help of Apache mod_jk(Apache Web server as front end with mod_ssl enabled). We are using the SecureAMFChannel as we deploy the application in SSL. We use the RemoteObject for communicating with Java.
  The Application is running fine when we have only one node of JBoss. But once we add one more node to the cluster the application throws the following exception .
  Duplicate HTTP-based FlexSession error: A request for FlexClient 'FDCA49A7-9317-4D8A-881F-9248B1136E7A' arrived over a new FlexSession 'C9C563B8266A03C2207C00796CD7DFF1', but FlexClient is already associated with  FlexSession '8A328320F5C530D55E94568996A1B552', therefore it cannot be associated with the new session.
  As I am maintaing the session in the server, I need to use the JBoss cluster for session replication. I heard that flex clustering is not needed as we have mod_jk and it will do all the stuff for us.
  I checked with simple application without any session data also then too I faced the same problem.
  After the very first login, I can see 2 session created simultaneously and destroyed. I checked the application whether it calls twice before the session is created, but it is calling only once.
  Also when application connects with server2 and if I down the server2 my flex application throws the error that the server is not found, It is not detecting the other server.But it works once I refresh the browser.
  Application Environment Details
  JBoss 6
  Blaze Ds 4.5
  Apache Web server 2.2.21
  Mod_JK   1.2.32
  Mod_SSL 2.8.31
  Thanks,
  Suresh T
  I enabled the sticky session in Mod_jk .
  It is working when the connection is not secure(http) in both apache web server and jboss web server ). But when the connection is https the above problem is happening .
  Message was edited by: suresh.thirumurugan

  Hi,
   Thanks for your info.
    It worked for me as well.
  Thanks,
  Prasad
  On 6/26/08,
  Matthieu Labour <
  [email protected]> wrote:
  A new message was posted by Matthieu Labour in
  Configuration and Getting Started Discussion --
    Problem with configuring BlazeDS with JBOSS
  You might want to download the following tutorial
  http://sebastien-arbogast.com/2008/04/10/flex-spring-and-blazeds-the-full-stack/
  it works on jboss
  Best
  Matt
  View/reply at
  Problem with configuring BlazeDS with JBOSS
  Replies by email are OK.
  Use the
  unsubscribe form to cancel your email subscription.

• Configuring exchange 2013 with MS PKI

  while trying to configure exchange to work with certificates issued from my internal MS PKI, I deleted the self signed certificates. and now I can't access exchange. the good thing is that this is not a production environment yet. I was looking around and
  I couldn't find a documentation on how to request certificates from an internal CA. and how to assign the certificate to exchange.
  I need help regarding this, if any one has a working environment with CAS and MB on different server, how the certificates are assigned in IIS.

  Hi mtxfayez,
  First, I would like to share some information on Self-signed certificate and PKI certificate.
  1. Self-signed certificate.
  This self-signed certificate is used to encrypt communications between the Client Access server and the Mailbox server. The Client Access server trusts the self-signed certificate on the Mailbox server automatically, so no third-party
  certificate is needed on the Mailbox server.
  By default, the digital certificate installed on the Mailbox server or servers is a self-signed certificate. You don’t need to replace the self-signed certificate on the Mailbox servers in your organization with a trusted third-party certificate. The
  Client Access server automatically trusts the self-signed certificate on the Mailbox server and no other configuration is needed for certificates on the Mailbox server.
  2. PKI certificate.
  If you obtain certificates from a domain-joined Windows CA, you can use the CA to request or sign certificates to issue to your own servers or computers on your network. This enables you to use a PKI that resembles a third-party certificate vendor,
  but is less expensive. These PKI certificates can't be deployed publicly, as other types of certificates can be.
  The steps for deploying a PKI-generated certificate resemble those required for deploying a self-signed certificate. You must still install a copy of the trusted root certificate from the PKI to the trusted root certificate store of the computers or
  mobile devices that you want to be able to establish an SSL connection to Microsoft Exchange.
  Note: One problem with self-signed and PKI-based certificates is that, because the certificate is not automatically trusted by the client computer or mobile device, you must make sure that you import the certificate into
  the trusted root certificate store on client computers and devices.
  More details in the following article:
  http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx
  Second, about "how to request certificates from an internal CA" and "how to assign the certificate to exchange", found a great blog for your reference:
  Enterprise PKI with Windows Server 2012 R2 Active Directory Certificate Services (Part 1 of 2)
  http://blogs.technet.com/b/yungchou/archive/2013/10/21/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-1-of-2.aspx
  Enterprise PKI with Windows Server 2012 R2 Active Directory Certificate Services (Part 2 of 2)
  http://blogs.technet.com/b/yungchou/archive/2013/10/22/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-2-of-2.aspx
  Last, if it still not works well, please paste the detailed error message without sensitive information for the further troubleshooting.
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support