Configuring SSL Authentication

Similar Messages

• SSL authentication

  Hello
  I am configuring ssl authentication ( document oracle support 736510.1)
  But when doing tnsping from client side i have an tns-12560
  [oracle@testrac3 admin]$ tnsping TEST
  TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production on 17-JUN-2013 10:04:14
  Copyright (c) 1997, 2011, Oracle.  All rights reserved.
  Used parameter files:
  /opt/app/oracle/product/11.2.0.3/db/network/admin/sqlnet.ora
  Used TNSNAMES adapter to resolve the alias
  Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = testrac1.XX.XX)(PORT =2484)) (SECURITY= (SSL_SERVER_CERT_DN=CN=dbasecurityRoot,O=dbasecurity,C=US)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME= TEST.XXX.XXX)))
  TNS-12560: TNS:protocol adapter error
  Can someone give me an help
  Best regards

  Hi, djoloff,
  I already answered in this thread, may be it will help.
  https://forums.oracle.com/thread/2527585

• Configuring SSL

  DB version: 11.1.0.6
  Platform: AIX 5L
  I'm planning to configure SSL authentication to the client. Per Oracle documentation, I don't see 'Oracle Advanced Security Profile' in Oracle Net Manager. I'm able to see only 'Naming' and 'General' tabs in the drop down. How can I install advanced security features?

  I have already gone though these documents. But, it has just mentioned 'install advanced security features'. When I have seen the installed products, I'm able to see 'Oracle Advanced Security', SSL, etc. If so, why is the netmgr not displaying 'Oracle Advanced Security' in the dropdown.

• Configure SSL in J2SE Plain adapter

  I tryed to configure SSL in J2SE Plain adapter. (7.0)
  I've generated a certificate file "certif_file.cer" and
  while I put in GUIBrowserEngine Property File the following
  line:
  HTTP.SSLcertificate=F:\tech_adapter_70\certif_file.cer
  I've got the following error message:
  16:19:10 : Error(s) in GUIBrowserEngine configuration
  parameters found:
  ERROR: Certificate file 'F: ech_adapter_70certif_file.cer' not
  found, must quit!
  It seems that something wrong with my definition of full path
  to this file. But I do not find from SAP Library any solution
  about this problem.
  Could you help me?

  Hi Boris,
  Please try to give the full path using backslash '/' :
  e.g.  F:/tech_adapter_70/certif_file.cer
  I hope it will work.
            The J2SE Adapter Engine uses SSL only for communication line encryption, not for client and server authentications. Since this is a drawback with respect to security, you should use the J2EE Adapter Engine in insecure environments.
                           All configuration data for the Plain J2SE Adapter Engine is maintained in flat property files.The file for the engine administration data itself is located in the following directory:
  <installation directory>/tech_adapter/BaseConfiguration
  The file for the adapter configuration data is located in the following directory:
  <installation directory>/tech_adapter/Configuration
                     The adapters of the Plain J2SE Adapter Engine are configured locally and not in the Integration  Directory. Exchanged messages are also stored directly in the file system.
  Therefore, ensure that only the operating system user, who has started and therefore owns the adapter engine process, can read the property files and has access to the directories used for message exchange.
  *Pls: Reward points if helpful*
  Regards,
  Jyoti
  Edited by: Jyoti Acharya on Dec 19, 2007 5:05 PM

• Connecting Using SSL Authentication Without Username and Password

  Hi,
  We're on RedHat Linux 4.0 using 10.2.0.3 (server/client). We're trying to figure out a way to connect to the database using instantclient and JDBC-OCI and SSL authentication without using a username or password. According to the documentation this should be possible but no sample code is given.
  LD_LIBRARY_PATH is set /opt/app/oracle/product/10.2.0/db_1/lib:/usr/lib:/home/oracle/instantclient where the instantclient was installed from the 10.2.0.1 client software
  and we are using JDK version 1.6.0_03.
  We're also referencing the following paper:
  http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl_2007.pdf
  We've got our client and server wallets configured and the sample code we tried looks like this:
  import java.sql.*;
  import java.sql.*;
  import java.io.*;
  import java.util.*;
  import oracle.net.ns.*;
  import oracle.net.ano.*;
  import oracle.jdbc.*;
  import oracle.jdbc.pool.*;
  import java.security.*;
  import oracle.jdbc.pool.OracleDataSource;
  public static void main(String[] argv) throws Exception {
  DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
  Security.addProvider(new oracle.security.pki.OraclePKIProvider());
  System.setProperty("oracle.net.tns_admin", "/opt/app/oracle/product/10.2.0/db_1/network/admin");
  String url = "jdbc:oracle:thin:@orcl";
  java.util.Properties props = new java.util.Properties();
  props.setProperty("oracle.net.authentication_services","(TCPS)");
  props.setProperty("javax.net.ssl.trustStore",
  "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/server/cwallet.sso");
  props.setProperty("javax.net.ssl.trustStoreType","SSO");
  props.setProperty("javax.net.ssl.keyStore", "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client/cwallet.sso");
  props.setProperty("javax.net.ssl.keyStoreType","SSO");
  props.put ("oracle.net.ssl_version","3.0");
  props.put ("oracle.net.wallet_location", "(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client)))");
  System.out.println("At Here...");
  OracleDataSource ods = new OracleDataSource();
  //ods.setUser("scott");
  //ods.setPassword("tiger");
  ods.setURL(url);
  ods.setConnectionProperties(props);
  System.out.println("At Here1...");
  Connection conn = ods.getConnection();
  System.out.println("At Here2...");
  Statement stmt = conn.createStatement();
  ResultSet rset = stmt.executeQuery("select 'Hello Thin driver SSL "
  + "tester ' from dual");
  while (rset.next())
  System.out.println(rset.getString(1));
  rset.close();
  stmt.close();
  conn.close();
  When this code is compiled and run, the following error is thrown:
  Exception in thread "main" java.sql.SQLException: invalid arguments in call
  at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
  If a username and password is supplied, the code works. So does anyone have a working of using SSL to authenticate without supplying username/password?
  Thanks
  mohammed

  Hi,
  I just solved this. I noticed from another thread that I was not using the OCI driver (see below):
  String url = "jdbc:oracle:thin:@pki14";
  Once I changed it to:
  String url = "jdbc:oracle:oci:@pki14";
  The code worked perfectly. One more setting that you'll have to do is to create the user you want to connect as externally:
  create user scott identified externally as
  'CN=acme, OU=development, O=acme, C=US';
  grant connect,create session to scott;
  Note that the DN should be the same as the SSL certificate that you created in your wallet.
  hth
  mohammed

• Java sp 2-way SSL authentication

  I've written a java stored proc that uses JSSE to implement an HTTPS client to a partner's server. In the past, this strategy has worked well, and we have several successful projects under our belts.
  This time, the partner's server is configured for 2-way ssl authentication. When I try to open the connection from my client, it is reporting-
  javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate.
  I'm not 100% sure what that means, but I think that it means the server is asking for a public cert from the client, and it isn't happy with what it is getting back.
  Can anyone tell me how to configure the client-side cert in a way that will make it available for my java code running in the Oracle JVM. I understand how to set up the keystore so that it is available for Tomcat, for example, but I'm at a loss to find how to setup client certs for access within an Oracle Java Stored Procedure...
  I hope that I have explained this clearly. If I need to provide more information, just ask.
  Thanks in advance for any help.
  Cole

  http://www.weblogic.com/docs51/classdocs/API_acl.html
  Michael Girdley
  BEA Systems Inc
  "gennot" <[email protected]> wrote in message
  news:[email protected]..
  Could you send me the complete URL of these example, please?
  Thanks
  Enrico
  Michael Girdley <[email protected]> wrote in message
  39b87078$[email protected]..
  The passing of the client's certificate should be automatic to WebLogic.We
  have an example of getting the client side certificate from inside of
  WebLogic in our documentation.
  This does not require for SSL to be used from the Web server to
  WebLogic.
  >>
  Thanks,
  Michael
  Michael Girdley
  BEA Systems Inc
  "Bob Simonoff" <[email protected]> wrote in message
  news:[email protected]..
  I have read through the docs and haven't found anything that would
  address
  the following confusion:
  Suppose I want to use Apache or IPlanet as the webserver with WebLogicas
  the back end application server (obviously). I have the need to use 2way
  SSL authentication. As I understand it the following applies:
  Client (browser) has a certificate as does the web server. Theyauthenticate
  each other.
  Now, the web server and weblogic need to communicate. WebLogic, in our
  environment does authentication via the security realm.
  What do I have to do to get the the web server (Apache or IPlanet) to
  communicate the client's certificate to WebLogic so the WebLogic canperform
  the authentication?
  Does the communication between the web server and WebLogic also need
  to
  be
  SSL?
  Thanks
  Bob Simonoff

• Mutual SSL Authentication

  Hi,
  We are trying to implement Mutual SSL Authentication in our environment with Reverse Proxy and the Client's Browser.
  Can anybody help me out in this.
  We are using OAM

  Make sure the following for reverse proxy:
  1. make sure the webserver that uses reverse proxy accepts requests from reverse proxies.
  2. update the virtual hosts configured in the policy manager
  3. prevent people from using the direct url, u can use web server ACL's
  4.redirect all existing URL's to reverse proxy hostname with port
  5. deploy enough proxy servers to handle the load
  Thanks.
  Subhani Shaik

• Configuring the authentication scheme for a web application

  Hi all,
  We have a requirement to configure the authentication scheme for a web application where some set of users should access the application using basic LDAP (userid/password) authentication and some using digital certificate authentication.
  Since the deployment descriptor (web.xml) allows only one directive for auth-method in logic-config, we want to know if there is any other way to achieve this requirement. We are thinking of a custom login module approach. But we are not able to figure out how to configure the auth-method at runtime from the login servlet.
  Please let us know if there is any other approach to achieve this.
  I will be thankful if any body shares any specific solution to this issue.

  This forum is probably not the correct one to ask in. It's more related to the web container than Java Programming.
  Kaj

• Configuring SSL to make a HTTPS web Service call from XI

  Hi All,
  We are making a <b>https web service call</b> using soap adapter from XI. Looking at the various posts and SAP help links, we are configuring SSL for the same.
  The procedure given in SAP help has been followed to configure SSL but with no luck. If someone had done this could you please give a <b>step by step procedure</b> to configure SSL, we might have missed out on something.
  Also are there are <b>any other settings apart from SSL</b> to be done to make a  https web service call using soap adapter from XI.
  Cheers,
  Chandra

  user13046122 wrote:
  I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
  I now need to make SOAP Web Service calls - from an 8.1.7.4 database
  But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
  Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
  It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess.

• Error while configuring SAP authentication in CMC adn Win XP PRO

  Hi,
  I am new to Business Objects and i was installing the Business Objects integartion Kit for SAP.
  I have already installed Crystal Server 2008 and copied the SAP Jco to the specified folders.But whiling trying to configure the SAP authenticatuion, I keep getting the TOMCAT error. I unistalled and reinstalled again. Still not working
  Note: My Operating System is Windows XP.
  Appreciate any suggestions
  Regards,
  Biju

  Hello All,
  I reinstalled it again based on the link BusinessObjects and SAP - Configure SAP Authentication from Ingo Hilgefort and all are working as expected.
  Now I have a different problem, My Company does not intent to go for a portal at this time, but is considering using formatted reports using crystal reports. What are the other options available for the users to access these reports? For instance all the bex users have Bex Analyser installed on each client machine, do we have anything similar for Crystal reports.
  Any help is greatly appreciated.
  Regards,
  Biju

• Error while configuring SSL in OID 11g - LDAP 50 Insufficient Access rights

  HI,
  I am trying to configure SSL in OID 11g.As per the doc http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/ssl.htm#CBHGBGAF ,i tried creating a Self-Signed Wallte using Fusion Middleware control,But i am getting an error LDAP 50: Insufficient access rights".I logged into Fusion Middle Ware control as Weblogic user.Is anybody faced this issue?.Thanks in advance.

  I am not sure how you tried, but I would recommend to do the following...
  1. Add the 'user1' to "OU=Franchisees,ou=People,dc=company,dc=com"
  2. Delete the 'user1' from 'OU=Internal,ou=People,dc=company,dc=com'

• Configure User Authentication on SOAP Receiver Adapter

  Hi,
  I am calling a WebService that is available over the internet.  We are on PI 7.1 and I am using a Soap Receiver Adapter.  The configuration was downloaded from SAP in a partner package.  The development in the package was done on XI3. 
  I need to call the WS with user authentication.  I've selected the "Configure User Authentication" radio button and entered the username and password.  The message fail with "HTTP 401 Unauthorized" and it is because the user details are not being send from the adapter.  If I copy the XML payload to a XML tool, like Stylus Studio, I can call the webservice successfully.  I've read through numerous blogs and messages on this Forum, including adding the adapter module (MessageTransformBean) and changing the Conversion Parameters without any luck. 
  Any suggestions please?
  Thanks

  I am calling a WebService that is available over the internet.
  I copy the XML payload to a XML tool, like Stylus Studio, I can call the webservice successfully.
  normally the webservices that we use (from internet) are freely available...meaning they dont require any username/ password.
  if no credentials are required then do not select Configure User Authentication...uncheck it....if user-details are provided by the Webservice, then use these details (not your XI/ PI user details) in the channel.
  Are you using any user-name/ password while testing from SOAP tools?
  Regards,
  Abhishek.

• Do i have to configure ssl on cisco unified provisioning manager for it to work. I am running BE6000 9.X

  Do i have to configure ssl on cisco unified provisioning manager for it to work

  Here is the code
  #include <userint.h>
  #include "iface.h"
  #define DAQmxErrChk(functionCall) if( DAQmxFailed(error=(functionCall)) ) goto Error; else    
  int write_onoff(uInt8 HL, const char linename[])
    int         error=0;              // error code (initialized to zero i.e. no error)
    TaskHandle  taskHandle=0;            // task ID for DAQmx
    char        errBuff[2048]={'\0'}; // error message
    // DAQmx Configure Code
    SetWaitCursor(1);
    DAQmxErrChk(DAQmxCreateTask("", &taskHandle));
    DAQmxErrChk(DAQmxCreateDOChan(taskHandle, linename, "", DAQmx_Val_ChanPerLine ));
    // DAQmx Start Code
    DAQmxErrChk(DAQmxStartTask(taskHandle));
    // DAQmx Write Code
    DAQmxErrChk(DAQmxWriteDigitalU8(taskHandle, 1, 1, 10.0, DAQmx_Val_GroupByChannel, &HL, NULL, NULL));
    Error:
      SetWaitCursor(0);
      if (DAQmxFailed(error)) DAQmxGetExtendedErrorInfo(errBuff, 2048);
      if (taskHandle!=0)
        // DAQmx Stop Code
        DAQmxStopTask(taskHandle);
        DAQmxClearTask(taskHandle);
      if (DAQmxFailed(error)) MessagePopup("DAQmx Error", errBuff);  
    return error;  
  } // end write_digital_line
  int CVICALLBACK test (int panel, int control, int event, void *callbackData, int eventData1, int eventData2)
    uInt8 onoff=0;
    if (event==EVENT_COMMIT)
      GetCtrlVal(panel, control, &onoff);
      write_onoff(onoff, "Dev1/port0/line0");
    return 0;  // return 0 to tell the system the message has been handled    

• Configuring SSL in Oracle Apps 11.5.10.2

  Hi,
  I am in the process of configuring SSL in oracle apps 11.5.10.2.
  I am a bit confused with the Note ID: 123718.1. Could you please clarify me on the below things?
  1. SSL can be implemented at three levels,
  (a) Oracle Web/Apache Server Level
  (b) Oracle Form Server Level
  (c) Oracle Database Level
  Can Implement SSL on any one or any two component levels? As per Note:123718.1, we MUST configure SSL for both the Oracle HTTP Server and Oracle Forms Level and these cannot be configured independently.
  2. As per the Note ID: 123718.1, Option 2.1. Certificate Provisioning for Oracle HTTP Server
  Point b in point 2 says to execute "$OPENSSL_TOP/bin/openssl sha1 or* > $HOME/.rnd"
  But which will be the OPENSSL_TOP?
  Please advise on these above two queries.
  Thanks in advance
  Regards,
  Sravan

  Thanks Hussien,
  I have completed SSL configuration at all level including database. Forms are not getting launched. I am getting below error in the Java Console.
  Java Plug-in 1.6.0_23
  Using JRE version 1.6.0_23-b05 Java HotSpot(TM) Client VM
  User home directory = C:\Documents and Settings\sdalav
  c: clear console window
  f: finalize objects on finalization queue
  g: garbage collect
  h: display this help message
  l: dump classloader list
  m: print memory usage
  o: trigger logging
  q: hide console
  r: reload policy configuration
  s: dump system and deployment properties
  t: dump thread list
  v: dump thread stack
  x: clear classloader cache
  0-5: set trace level to <n>
  proxyHost=null
  proxyPort=0
  connectMode=HTTPS
  Exception in thread "thread applet-oracle.forms.engine.Main-2" java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketFactory
       at oracle.forms.net.HTTPSStream.<init>(Unknown Source)
       at oracle.forms.net.HTTPConnection.connect(Unknown Source)
       at oracle.forms.engine.Runform.initConnection(Unknown Source)
       at oracle.forms.engine.Runform.startRunform(Unknown Source)
       at oracle.forms.engine.Main.createRunform(Unknown Source)
       at oracle.forms.engine.Main.start(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.lang.ClassNotFoundException: oracle.security.ssl.OracleSSLSocketFactory
       at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       ... 8 more
  Caused by: java.io.IOException: open HTTP connection failed:https://sandispa.bp.com:8443/OA_JAVA/oracle/security/ssl/OracleSSLSocketFactory.class
       at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
       at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
       at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       ... 13 more
  Thanks,
  Sravan

• NPE when configuring SSL in 9.2

  Hi all,
  I'm trying to configure SSL on WLS 9.2 mp4 but am getting a NullPointerException with no additional helpful information.
  I'm using "Custom Identity and Java Standard Trust." I think the location, type, and password of my identity keystore are correct.
  This is the output I'm getting:
  ####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: initializing SSL context for channel DefaultSecure>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: loading server SSL identity>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : starting decrypt operation>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : done with decrypt operation>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Notice> <Security> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicssl from the JKS keystore file c:\projects\ssl\keystore.>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Error> <WebLogicServer> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-000297> <Inconsistent security configuration, java.lang.NullPointerException>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Error> <Server> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-002618> <An invalid attempt was made to configure a channel for unconfigured protocol "null".>
  I've turned on all the debug output I can find.
  I also wrote a little java program that reads the keystore and prints out its contents. Nothing looks wrong to me. I also tried using a known-good keystore from one of our other servers, both in my test app and in WL. Test app shows the same output for both stores with the exception of the things I expect to be different, like DN. WL also fails with the same error.
  Any idea what the problem is or how to debug this further?
  thanks

  Thanks for the response.
  That is the correct name. I should probably change it to keystore.jks but I was following the example of the common trust store named cacerts.
  SSL is enabled with port 7002.
  JVM versions are the same.
  Keytool works fine with it. It shows 1 cert, which is what I expect. The alias is correct. I know the keystore password but I don't know the private key password. I might try generating a new pw and make sure to set and remember a pw on the key itself.
  thanks