Configuring SSL Authentication
I am attempting to set up SSL authentication in a test environment with Oracle 9.2 on Windows XP. When I try to connect the client I get ORA-28862: SSL connection failed. I switched on client tracing which appears to show that the wallet is being opened successfully but the connection fails on the SSL handshake with ORA-28862 and a minor code of 542. Where can I find out what this minor code means? There doesn't appear to be any further indication of what the problem might be in the trace file but here is the section with the handshake error, any assistance gratefully received:
[04-DEC-2008 18:44:40:795] ntzCreateConnection: performing NZOS handshake - pass 1
[04-DEC-2008 18:44:40:795] nzos_Handshake: entry
[04-DEC-2008 18:44:40:795] nttwr: entry
[04-DEC-2008 18:44:40:795] nttwr: socket 1772 had bytes written=51
[04-DEC-2008 18:44:40:795] nttwr: exit
[04-DEC-2008 18:44:40:795] nttrd: entry
[04-DEC-2008 18:44:40:795] ntt2err: entry
[04-DEC-2008 18:44:40:795] ntt2err: soc 1772 error - operation=5, ntresnt[0]=530, ntresnt[1]=53, ntresnt[2]=0
[04-DEC-2008 18:44:40:795] ntt2err: exit
[04-DEC-2008 18:44:40:795] nttrd: exit
[04-DEC-2008 18:44:40:795] nzos_Handshake: exit
[04-DEC-2008 18:44:40:795] ntzCreateConnection: SSL handshake failed with error 28862.
[04-DEC-2008 18:44:40:795] ntzchknb: entry
[04-DEC-2008 18:44:40:795] nttctl: entry
[04-DEC-2008 18:44:40:795] nttctl: Setting connection into async mode
[04-DEC-2008 18:44:40:795] ntzchknb: exit
[04-DEC-2008 18:44:40:795] ntzchknb: entry
[04-DEC-2008 18:44:40:795] nttctl: entry
[04-DEC-2008 18:44:40:795] nttctl: Setting connection into callback mode
[04-DEC-2008 18:44:40:795] ntzchknb: exit
[04-DEC-2008 18:44:40:795] ntzCreateConnection: returning NZ error 28862 in result structure
[04-DEC-2008 18:44:40:795] ntzCreateConnection: failed with error 542
[04-DEC-2008 18:44:40:795] ntzCreateConnection: exit
[04-DEC-2008 18:44:40:795] ntzdisconnect: entry
[04-DEC-2008 18:44:40:795] ntzFreeNTZData: entry
[04-DEC-2008 18:44:40:795] ntzFreeNTZData: exit
[04-DEC-2008 18:44:40:795] nttdisc: entry
[04-DEC-2008 18:44:40:795] nttdisc: exit
[04-DEC-2008 18:44:40:795] ntzdisconnect: exit
[04-DEC-2008 18:44:40:795] ntzconnect: failed with error 542
[04-DEC-2008 18:44:40:795] ntzconnect: exit
[04-DEC-2008 18:44:40:795] nserror: entry
[04-DEC-2008 18:44:40:795] nserror: nsres: id=0, op=65, ns=12560, ns2=0; nt[0]=28862, nt[1]=542, nt[2]=0; ora[0]=28862, ora[1]=0, ora[2]=0
[04-DEC-2008 18:44:40:795] nsopen: unable to open transport
[04-DEC-2008 18:44:40:795] nsbfr: entry
[04-DEC-2008 18:44:40:795] nsbfr: normal exit
[04-DEC-2008 18:44:40:795] nsbfr: entry
[04-DEC-2008 18:44:40:795] nsbfr: normal exit
[04-DEC-2008 18:44:40:795] nsmfr: entry
[04-DEC-2008 18:44:40:795] nsmfr: 2348 bytes at 0xdee0b8
[04-DEC-2008 18:44:40:795] nsmfr: normal exit
[04-DEC-2008 18:44:40:795] nsmfr: entry
[04-DEC-2008 18:44:40:795] nsmfr: 492 bytes at 0xdbd2d0
[04-DEC-2008 18:44:40:795] nsmfr: normal exit
[04-DEC-2008 18:44:40:795] nsopen: error exit
[04-DEC-2008 18:44:40:795] nsclose: entry
[04-DEC-2008 18:44:40:795] nsclose: normal exit
[04-DEC-2008 18:44:40:795] nladget: entry
[04-DEC-2008 18:44:40:795] nladget: exit
[04-DEC-2008 18:44:40:795] nsmfr: entry
[04-DEC-2008 18:44:40:795] nsmfr: 164 bytes at 0xdd7ea0
[04-DEC-2008 18:44:40:795] nsmfr: normal exit
[04-DEC-2008 18:44:40:795] nladtrm: entry
[04-DEC-2008 18:44:40:795] nladtrm: exit
[04-DEC-2008 18:44:40:795] nscall: error exit
[04-DEC-2008 18:44:40:795] nioqper: error from nscall
[04-DEC-2008 18:44:40:795] nioqper: nr err code: 0
[04-DEC-2008 18:44:40:795] nioqper: ns main err code: 12560
[04-DEC-2008 18:44:40:795] nioqper: ns (2) err code: 0
[04-DEC-2008 18:44:40:795] nioqper: nt main err code: 28862
[04-DEC-2008 18:44:40:795] nioqper: nt (2) err code: 542
[04-DEC-2008 18:44:40:795] nioqper: nt OS err code: 0
[04-DEC-2008 18:44:40:795] niomapnserror: entry
[04-DEC-2008 18:44:40:795] niqme: entry
[04-DEC-2008 18:44:40:795] niqme: reporting ORA-28862 error
Hi Ian,
Well, I'm pretty sure Oracle Advanced Security is an Oracle product so you may not need to contact Microsoft just yet. :)
I don't have too much to offer but I can say that I have seen this error when the operating system user used to create the wallet is not the same user that the listener and database services run as (these likely are running as the default Local System account unless you've already changed them).
That is to say, if a user named "abc" created the wallet the listener and database services should be edited to run as that user using the Log On tab for the service properties. Hopefully that makes sense.
Perhaps that will help a bit,
Regards,
Mark
Similar Messages
-
Hello
I am configuring ssl authentication ( document oracle support 736510.1)
But when doing tnsping from client side i have an tns-12560
[oracle@testrac3 admin]$ tnsping TEST
TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production on 17-JUN-2013 10:04:14
Copyright (c) 1997, 2011, Oracle. All rights reserved.
Used parameter files:
/opt/app/oracle/product/11.2.0.3/db/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = testrac1.XX.XX)(PORT =2484)) (SECURITY= (SSL_SERVER_CERT_DN=CN=dbasecurityRoot,O=dbasecurity,C=US)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME= TEST.XXX.XXX)))
TNS-12560: TNS:protocol adapter error
Can someone give me an help
Best regardsHi, djoloff,
I already answered in this thread, may be it will help.
https://forums.oracle.com/thread/2527585 -
DB version: 11.1.0.6
Platform: AIX 5L
I'm planning to configure SSL authentication to the client. Per Oracle documentation, I don't see 'Oracle Advanced Security Profile' in Oracle Net Manager. I'm able to see only 'Naming' and 'General' tabs in the drop down. How can I install advanced security features?I have already gone though these documents. But, it has just mentioned 'install advanced security features'. When I have seen the installed products, I'm able to see 'Oracle Advanced Security', SSL, etc. If so, why is the netmgr not displaying 'Oracle Advanced Security' in the dropdown.
-
Configure SSL in J2SE Plain adapter
I tryed to configure SSL in J2SE Plain adapter. (7.0)
I've generated a certificate file "certif_file.cer" and
while I put in GUIBrowserEngine Property File the following
line:
HTTP.SSLcertificate=F:\tech_adapter_70\certif_file.cer
I've got the following error message:
16:19:10 : Error(s) in GUIBrowserEngine configuration
parameters found:
ERROR: Certificate file 'F: ech_adapter_70certif_file.cer' not
found, must quit!
It seems that something wrong with my definition of full path
to this file. But I do not find from SAP Library any solution
about this problem.
Could you help me?Hi Boris,
Please try to give the full path using backslash '/' :
e.g. F:/tech_adapter_70/certif_file.cer
I hope it will work.
The J2SE Adapter Engine uses SSL only for communication line encryption, not for client and server authentications. Since this is a drawback with respect to security, you should use the J2EE Adapter Engine in insecure environments.
All configuration data for the Plain J2SE Adapter Engine is maintained in flat property files.The file for the engine administration data itself is located in the following directory:
<installation directory>/tech_adapter/BaseConfiguration
The file for the adapter configuration data is located in the following directory:
<installation directory>/tech_adapter/Configuration
The adapters of the Plain J2SE Adapter Engine are configured locally and not in the Integration Directory. Exchanged messages are also stored directly in the file system.
Therefore, ensure that only the operating system user, who has started and therefore owns the adapter engine process, can read the property files and has access to the directories used for message exchange.
*Pls: Reward points if helpful*
Regards,
Jyoti
Edited by: Jyoti Acharya on Dec 19, 2007 5:05 PM -
Connecting Using SSL Authentication Without Username and Password
Hi,
We're on RedHat Linux 4.0 using 10.2.0.3 (server/client). We're trying to figure out a way to connect to the database using instantclient and JDBC-OCI and SSL authentication without using a username or password. According to the documentation this should be possible but no sample code is given.
LD_LIBRARY_PATH is set /opt/app/oracle/product/10.2.0/db_1/lib:/usr/lib:/home/oracle/instantclient where the instantclient was installed from the 10.2.0.1 client software
and we are using JDK version 1.6.0_03.
We're also referencing the following paper:
http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl_2007.pdf
We've got our client and server wallets configured and the sample code we tried looks like this:
import java.sql.*;
import java.sql.*;
import java.io.*;
import java.util.*;
import oracle.net.ns.*;
import oracle.net.ano.*;
import oracle.jdbc.*;
import oracle.jdbc.pool.*;
import java.security.*;
import oracle.jdbc.pool.OracleDataSource;
public static void main(String[] argv) throws Exception {
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
Security.addProvider(new oracle.security.pki.OraclePKIProvider());
System.setProperty("oracle.net.tns_admin", "/opt/app/oracle/product/10.2.0/db_1/network/admin");
String url = "jdbc:oracle:thin:@orcl";
java.util.Properties props = new java.util.Properties();
props.setProperty("oracle.net.authentication_services","(TCPS)");
props.setProperty("javax.net.ssl.trustStore",
"/opt/app/oracle/product/10.2.0/db_1/admin/wallet/server/cwallet.sso");
props.setProperty("javax.net.ssl.trustStoreType","SSO");
props.setProperty("javax.net.ssl.keyStore", "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client/cwallet.sso");
props.setProperty("javax.net.ssl.keyStoreType","SSO");
props.put ("oracle.net.ssl_version","3.0");
props.put ("oracle.net.wallet_location", "(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client)))");
System.out.println("At Here...");
OracleDataSource ods = new OracleDataSource();
//ods.setUser("scott");
//ods.setPassword("tiger");
ods.setURL(url);
ods.setConnectionProperties(props);
System.out.println("At Here1...");
Connection conn = ods.getConnection();
System.out.println("At Here2...");
Statement stmt = conn.createStatement();
ResultSet rset = stmt.executeQuery("select 'Hello Thin driver SSL "
+ "tester ' from dual");
while (rset.next())
System.out.println(rset.getString(1));
rset.close();
stmt.close();
conn.close();
When this code is compiled and run, the following error is thrown:
Exception in thread "main" java.sql.SQLException: invalid arguments in call
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
If a username and password is supplied, the code works. So does anyone have a working of using SSL to authenticate without supplying username/password?
Thanks
mohammedHi,
I just solved this. I noticed from another thread that I was not using the OCI driver (see below):
String url = "jdbc:oracle:thin:@pki14";
Once I changed it to:
String url = "jdbc:oracle:oci:@pki14";
The code worked perfectly. One more setting that you'll have to do is to create the user you want to connect as externally:
create user scott identified externally as
'CN=acme, OU=development, O=acme, C=US';
grant connect,create session to scott;
Note that the DN should be the same as the SSL certificate that you created in your wallet.
hth
mohammed -
Java sp 2-way SSL authentication
I've written a java stored proc that uses JSSE to implement an HTTPS client to a partner's server. In the past, this strategy has worked well, and we have several successful projects under our belts.
This time, the partner's server is configured for 2-way ssl authentication. When I try to open the connection from my client, it is reporting-
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate.
I'm not 100% sure what that means, but I think that it means the server is asking for a public cert from the client, and it isn't happy with what it is getting back.
Can anyone tell me how to configure the client-side cert in a way that will make it available for my java code running in the Oracle JVM. I understand how to set up the keystore so that it is available for Tomcat, for example, but I'm at a loss to find how to setup client certs for access within an Oracle Java Stored Procedure...
I hope that I have explained this clearly. If I need to provide more information, just ask.
Thanks in advance for any help.
Colehttp://www.weblogic.com/docs51/classdocs/API_acl.html
Michael Girdley
BEA Systems Inc
"gennot" <[email protected]> wrote in message
news:[email protected]..
Could you send me the complete URL of these example, please?
Thanks
Enrico
Michael Girdley <[email protected]> wrote in message
39b87078$[email protected]..
The passing of the client's certificate should be automatic to WebLogic.We
have an example of getting the client side certificate from inside of
WebLogic in our documentation.
This does not require for SSL to be used from the Web server to
WebLogic.
>>
Thanks,
Michael
Michael Girdley
BEA Systems Inc
"Bob Simonoff" <[email protected]> wrote in message
news:[email protected]..
I have read through the docs and haven't found anything that would
address
the following confusion:
Suppose I want to use Apache or IPlanet as the webserver with WebLogicas
the back end application server (obviously). I have the need to use 2way
SSL authentication. As I understand it the following applies:
Client (browser) has a certificate as does the web server. Theyauthenticate
each other.
Now, the web server and weblogic need to communicate. WebLogic, in our
environment does authentication via the security realm.
What do I have to do to get the the web server (Apache or IPlanet) to
communicate the client's certificate to WebLogic so the WebLogic canperform
the authentication?
Does the communication between the web server and WebLogic also need
to
be
SSL?
Thanks
Bob Simonoff -
Hi,
We are trying to implement Mutual SSL Authentication in our environment with Reverse Proxy and the Client's Browser.
Can anybody help me out in this.
We are using OAMMake sure the following for reverse proxy:
1. make sure the webserver that uses reverse proxy accepts requests from reverse proxies.
2. update the virtual hosts configured in the policy manager
3. prevent people from using the direct url, u can use web server ACL's
4.redirect all existing URL's to reverse proxy hostname with port
5. deploy enough proxy servers to handle the load
Thanks.
Subhani Shaik -
Configuring the authentication scheme for a web application
Hi all,
We have a requirement to configure the authentication scheme for a web application where some set of users should access the application using basic LDAP (userid/password) authentication and some using digital certificate authentication.
Since the deployment descriptor (web.xml) allows only one directive for auth-method in logic-config, we want to know if there is any other way to achieve this requirement. We are thinking of a custom login module approach. But we are not able to figure out how to configure the auth-method at runtime from the login servlet.
Please let us know if there is any other approach to achieve this.
I will be thankful if any body shares any specific solution to this issue.This forum is probably not the correct one to ask in. It's more related to the web container than Java Programming.
Kaj -
Configuring SSL to make a HTTPS web Service call from XI
Hi All,
We are making a <b>https web service call</b> using soap adapter from XI. Looking at the various posts and SAP help links, we are configuring SSL for the same.
The procedure given in SAP help has been followed to configure SSL but with no luck. If someone had done this could you please give a <b>step by step procedure</b> to configure SSL, we might have missed out on something.
Also are there are <b>any other settings apart from SSL</b> to be done to make a https web service call using soap adapter from XI.
Cheers,
Chandrauser13046122 wrote:
I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
I now need to make SOAP Web Service calls - from an 8.1.7.4 database
But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess. -
Error while configuring SAP authentication in CMC adn Win XP PRO
Hi,
I am new to Business Objects and i was installing the Business Objects integartion Kit for SAP.
I have already installed Crystal Server 2008 and copied the SAP Jco to the specified folders.But whiling trying to configure the SAP authenticatuion, I keep getting the TOMCAT error. I unistalled and reinstalled again. Still not working
Note: My Operating System is Windows XP.
Appreciate any suggestions
Regards,
BijuHello All,
I reinstalled it again based on the link BusinessObjects and SAP - Configure SAP Authentication from Ingo Hilgefort and all are working as expected.
Now I have a different problem, My Company does not intent to go for a portal at this time, but is considering using formatted reports using crystal reports. What are the other options available for the users to access these reports? For instance all the bex users have Bex Analyser installed on each client machine, do we have anything similar for Crystal reports.
Any help is greatly appreciated.
Regards,
Biju -
Error while configuring SSL in OID 11g - LDAP 50 Insufficient Access rights
HI,
I am trying to configure SSL in OID 11g.As per the doc http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/ssl.htm#CBHGBGAF ,i tried creating a Self-Signed Wallte using Fusion Middleware control,But i am getting an error LDAP 50: Insufficient access rights".I logged into Fusion Middle Ware control as Weblogic user.Is anybody faced this issue?.Thanks in advance.I am not sure how you tried, but I would recommend to do the following...
1. Add the 'user1' to "OU=Franchisees,ou=People,dc=company,dc=com"
2. Delete the 'user1' from 'OU=Internal,ou=People,dc=company,dc=com' -
Configure User Authentication on SOAP Receiver Adapter
Hi,
I am calling a WebService that is available over the internet. We are on PI 7.1 and I am using a Soap Receiver Adapter. The configuration was downloaded from SAP in a partner package. The development in the package was done on XI3.
I need to call the WS with user authentication. I've selected the "Configure User Authentication" radio button and entered the username and password. The message fail with "HTTP 401 Unauthorized" and it is because the user details are not being send from the adapter. If I copy the XML payload to a XML tool, like Stylus Studio, I can call the webservice successfully. I've read through numerous blogs and messages on this Forum, including adding the adapter module (MessageTransformBean) and changing the Conversion Parameters without any luck.
Any suggestions please?
ThanksI am calling a WebService that is available over the internet.
I copy the XML payload to a XML tool, like Stylus Studio, I can call the webservice successfully.
normally the webservices that we use (from internet) are freely available...meaning they dont require any username/ password.
if no credentials are required then do not select Configure User Authentication...uncheck it....if user-details are provided by the Webservice, then use these details (not your XI/ PI user details) in the channel.
Are you using any user-name/ password while testing from SOAP tools?
Regards,
Abhishek. -
Do i have to configure ssl on cisco unified provisioning manager for it to work
Here is the code
#include <userint.h>
#include "iface.h"
#define DAQmxErrChk(functionCall) if( DAQmxFailed(error=(functionCall)) ) goto Error; else
int write_onoff(uInt8 HL, const char linename[])
int error=0; // error code (initialized to zero i.e. no error)
TaskHandle taskHandle=0; // task ID for DAQmx
char errBuff[2048]={'\0'}; // error message
// DAQmx Configure Code
SetWaitCursor(1);
DAQmxErrChk(DAQmxCreateTask("", &taskHandle));
DAQmxErrChk(DAQmxCreateDOChan(taskHandle, linename, "", DAQmx_Val_ChanPerLine ));
// DAQmx Start Code
DAQmxErrChk(DAQmxStartTask(taskHandle));
// DAQmx Write Code
DAQmxErrChk(DAQmxWriteDigitalU8(taskHandle, 1, 1, 10.0, DAQmx_Val_GroupByChannel, &HL, NULL, NULL));
Error:
SetWaitCursor(0);
if (DAQmxFailed(error)) DAQmxGetExtendedErrorInfo(errBuff, 2048);
if (taskHandle!=0)
// DAQmx Stop Code
DAQmxStopTask(taskHandle);
DAQmxClearTask(taskHandle);
if (DAQmxFailed(error)) MessagePopup("DAQmx Error", errBuff);
return error;
} // end write_digital_line
int CVICALLBACK test (int panel, int control, int event, void *callbackData, int eventData1, int eventData2)
uInt8 onoff=0;
if (event==EVENT_COMMIT)
GetCtrlVal(panel, control, &onoff);
write_onoff(onoff, "Dev1/port0/line0");
return 0; // return 0 to tell the system the message has been handled -
Configuring SSL in Oracle Apps 11.5.10.2
Hi,
I am in the process of configuring SSL in oracle apps 11.5.10.2.
I am a bit confused with the Note ID: 123718.1. Could you please clarify me on the below things?
1. SSL can be implemented at three levels,
(a) Oracle Web/Apache Server Level
(b) Oracle Form Server Level
(c) Oracle Database Level
Can Implement SSL on any one or any two component levels? As per Note:123718.1, we MUST configure SSL for both the Oracle HTTP Server and Oracle Forms Level and these cannot be configured independently.
2. As per the Note ID: 123718.1, Option 2.1. Certificate Provisioning for Oracle HTTP Server
Point b in point 2 says to execute "$OPENSSL_TOP/bin/openssl sha1 or* > $HOME/.rnd"
But which will be the OPENSSL_TOP?
Please advise on these above two queries.
Thanks in advance
Regards,
SravanThanks Hussien,
I have completed SSL configuration at all level including database. Forms are not getting launched. I am getting below error in the Java Console.
Java Plug-in 1.6.0_23
Using JRE version 1.6.0_23-b05 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\sdalav
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
proxyHost=null
proxyPort=0
connectMode=HTTPS
Exception in thread "thread applet-oracle.forms.engine.Main-2" java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketFactory
at oracle.forms.net.HTTPSStream.<init>(Unknown Source)
at oracle.forms.net.HTTPConnection.connect(Unknown Source)
at oracle.forms.engine.Runform.initConnection(Unknown Source)
at oracle.forms.engine.Runform.startRunform(Unknown Source)
at oracle.forms.engine.Main.createRunform(Unknown Source)
at oracle.forms.engine.Main.start(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassNotFoundException: oracle.security.ssl.OracleSSLSocketFactory
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
... 8 more
Caused by: java.io.IOException: open HTTP connection failed:https://sandispa.bp.com:8443/OA_JAVA/oracle/security/ssl/OracleSSLSocketFactory.class
at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 13 more
Thanks,
Sravan -
NPE when configuring SSL in 9.2
Hi all,
I'm trying to configure SSL on WLS 9.2 mp4 but am getting a NullPointerException with no additional helpful information.
I'm using "Custom Identity and Java Standard Trust." I think the location, type, and password of my identity keystore are correct.
This is the output I'm getting:
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: initializing SSL context for channel DefaultSecure>
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: loading server SSL identity>
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : starting decrypt operation>
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : done with decrypt operation>
####<Jun 7, 2011 11:02:05 AM CDT> <Notice> <Security> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicssl from the JKS keystore file c:\projects\ssl\keystore.>
####<Jun 7, 2011 11:02:05 AM CDT> <Error> <WebLogicServer> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-000297> <Inconsistent security configuration, java.lang.NullPointerException>
####<Jun 7, 2011 11:02:05 AM CDT> <Error> <Server> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-002618> <An invalid attempt was made to configure a channel for unconfigured protocol "null".>
I've turned on all the debug output I can find.
I also wrote a little java program that reads the keystore and prints out its contents. Nothing looks wrong to me. I also tried using a known-good keystore from one of our other servers, both in my test app and in WL. Test app shows the same output for both stores with the exception of the things I expect to be different, like DN. WL also fails with the same error.
Any idea what the problem is or how to debug this further?
thanksThanks for the response.
That is the correct name. I should probably change it to keystore.jks but I was following the example of the common trust store named cacerts.
SSL is enabled with port 7002.
JVM versions are the same.
Keytool works fine with it. It shows 1 cert, which is what I expect. The alias is correct. I know the keystore password but I don't know the private key password. I might try generating a new pw and make sure to set and remember a pw on the key itself.
thanks
Maybe you are looking for
-
Hello, I've had harsh time trying to figure out how to read a csv file with double quotes, I need to read a csv file in order to fill a spreadsheet. I attach a csv file example to show the sort of file I'm working on. Thank you Raymundo Cassani Solve
-
Has anyone solved the Apple ID issue yet?
My 4 year old iTunes ID, a Yahoo email, was disabled as I could not verify it. I could not verify it as I never received the verification email. I get the same problem when I try to reset. iForgot tells me the ID does not exist but when I try to set
-
H I have an Azure hosted RD deployment that consists of 2 x RDG/WebAccess servers (one of these is the connection broker) that sit behind an Azure Traffic manager. Behind these I have 6 RD Session Hosts. I am totally confused over certifcates. What c
-
Hi Friends/Experts, This is really a silly question from my "Global security implementation Project" An issue came up: How do we access the infotypes in a role , list the infotypes with description for that role Now this is what I did 1. SE16 - AGR-
-
In upgrading my OS X to 10.6, I lost iPhoto. How do I regain capability?
In upgrading my OS X from 10.4 to 10.6, I lost iPhoto. How can I regain iPhoto capability so I can access to my iPoto Library in the backup disk and downlaod from my camera? Thank you! <Edited by Host>