SSL issues hopefully simple

I am very new to Oracle and have a db/app server that I have taken over. I need to add a self signed SSL cert since it is internal only and have came across a few issues. When I create it using openssl (running RHEL 4.5) it appears to take everything but I cannot import the signed key into OWM. When I attempt to import it using either the owm or orapki I receive an error that I need to add the trusted crt. The trusted cert is uploaded to the wallet and the request matches. It just keeps asking to input the correct trusted cert. So I attempted to do the self sign function in orapki which seemed to work great for the wallet, but how do you incorporate it from there into apache? Finally, when using the test SSL setup, I receive an SSL error that shows a security block:
[Wed Sep 24 12:39:31 2008] [error] [client 10.111.47.68] mod_security: Access denied with code 405. Pattern match "!(GET|HEAD|POST)" at REQUEST_METHOD. [uri ""] [unique_id SNptQwoBFI0AAG@2DYA]
For funsies I disabled this line in the security.conf and restarted apache and it gave me the error:
[Wed Sep 24 12:37:41 2008] [error] [client 10.111.47.68] Invalid method in request \x16\x03\x01
This only happens in a ssl session so i am guessing something is wrong in my ssl setup. So in short what I am looking for is a clear explanation on how to get ssl to work on a db/app server via owm and apache.
I hope this wasn't too confusing and please let me know what information if any would make it easier to help.
Thanks!

Hi,
We thought we had all of the outside items secured and brought in, as well. I'll have the boys check that again. FF5 and all other FF have no issues at all and the error only happens occasionally with IE9. Like right now it won’t show but, this morning it did. Really strange. Thanks for the advice.
Matt Waters
BYO Playground/Daycare Furniture
Phone : 1.800.853.5316 x428
Fax: 904.808.8529
www.byoplayground.com - Commercial Playground Equipment
www.byoswingset.com - Backyard Swing Sets
www.BYOParkEquipment.com - Park & Site Amenities

Similar Messages

OIM 11g R1 - AD 9.1.1.7.2 SSL Issue

Hi All,
I am trying to configure the SSL b/w OIM 11g R1 BP05 running on IBM AIX 6.1 and AD Connector 9.1.1.7.2. The recon/provisioning is working fine on port 389.
For SSL Configuration, I imported the AD root certificate in custom keystore configured in WLS and Standard Java Keystore i.e., cacerts. I have updated the ADIT Resource to change the port and use SSL as yes.
So, now when I am running recon, I am getting below error:
*[2013-05-28T13:37:02.043-07:00] [oim_server1] [ERROR] [] [OIMCP.ADCS] [tid: OIMQuartzScheduler_Worker-5] [userId: oiminternal] [ecid: 0000JvgXEpH4ykJLQm5Eid1HdFwe000001,1:28614] [APP: oim#11.1.1.3.0] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : searchResultPageEnum : The error occured in tcADUtilLDAPController::connectToAvailableAD():host:636*
*[2013-05-28T13:37:02.083-07:00] [oim_server1] [ERROR] [] [OIMCP.ADCS] [tid: OIMQuartzScheduler_Worker-5] [userId: oiminternal] [ecid: 0000JvgXEpH4ykJLQm5Eid1HdFwe000001,1:28614] [APP: oim#11.1.1.3.0] com.thortech.xl.exception.ConnectionException: host:636[[*     at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.searchResultPageEnum(Unknown Source)
     at com.thortech.xl.schedule.tasks.ADLookupReconTask.performReconciliation(Unknown Source)
     at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Source)
     at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:384)
     at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
     at java.lang.reflect.Method.invoke(Method.java:611)
     at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
     at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
I am able to connecto to AD on port 636 using LDAP Browser and also using JNDI Code. Also, I used XIMDD to test the Target System SSL Trust Verification and it worked too. Also, the telnet/ping are working too.
Any clue on this issue?

Hi Praveen,
Here is the solution suggested by Oracle for this particular error:
This exception is encountered because the Connector Server uses a port that has already been used (mostly by another instance of the Connector Server). You can fix this issue by performing one of the following steps:
If the Connector Server service is running, then stop it.
Search for and open the ConnectorServer.exe.Config file, change the port value to 8758 or 8755, and then start the Connector Server. The default location of the ConnectorServer.exe.Config file is C:\Program Files\Identity Connectors\Connector Server.
Ref: http://docs.oracle.com/cd/E22999_01/doc.111/e20347/trbleshoot.htm
If you still face the issue then try changing Port and Time wait registry values(Take registry backup before making any changes to registry):
Changing the Dynamic Port Range
Open regedit.
Open key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
Edit (or create as DWORD) the MaxUserPort value.
Set it to a higher number. (i.e. 65534)
Changing the TIME_WAIT delay
Open regedit.
Open key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
Edit (or create as DWORD) the TCPTimeWaitDelay.
Set it to a lower number. Value is in seconds. (i.e. 60 for 1 minute delay)
Thanks and Regards,
Chinni

Having issues with Simple FTP configuration

I am attempting to set up FTP behind this new CISCO ASA 5510 we just bought. I haven't configured a cisco device in 5 years, so I am having issues., i think i am close, but need a little help to get me over the hump. If I FTP from outside (fixed) IP it connects and takes the password but hangs on PASV and gives no data connection below is my configuration. Can anyone help? I am hoping it is simple since I seem to have the connection inside correct. and yes you can connect to the FTP server from inside without issue.
ASA Version 8.2(5)
hostnameASA1
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
nameif External
security-level 0
ip address y.y.y.y 255.255.255.0
interface Ethernet0/1
nameif Internal
security-level 100
ip address x.x.x.x. 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
dns domain-lookup External
dns server-group DefaultDNS
name-serverg.g.g.g.g.
name-server h.h.h.h.
access-list 100 extended permit tcp any host y.y.y.y eq ftp
access-list 100 extended permit tcp any host y.y.y.y eq ftp-data
pager lines 24
logging enable
logging asdm informational
mtu External 1500
mtu Internal 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (External) 101 interface
nat (Internal) 101 0.0.0.0 0.0.0.0
static (Internal,External) tcp interface ftp-data 192.168.0.69 ftp-data netmask 255.255.255.255
static (Internal,External) tcp interface ftp 192.168.0.69 ftp netmask 255.255.255.255
access-group 100 in interface External
route External 0.0.0.0 0.0.0.0 L.L.L.L 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.0.0 255.255.255.0 Internal
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca
quit
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map INSPECTION_DEFAULT
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
Cryptochecksum:9c15122a54bf6b87ce5ab8be0f23e9d5
: end

First of all Thanks! So I pulled those commands off.
I am hitting the FTP server behind the firewall as you can see from my first log... It dies on PASV which is why I thought I needed that FTP-Data.
000018)1/25/2013 11:48:21 AM - (not logged in) (72.90.68.10)> 220-FileZilla Server version 0.9.41 beta
(000018)1/25/2013 11:48:21 AM - (not logged in) (72.90.68.10)> 220-written by Tim Kosse ([email protected])
(000018)1/25/2013 11:48:21 AM - (not logged in) (72.90.68.10)> 220 Please visit http://sourceforge.net/projects/filezilla/(000018)1/25/2013 11:48:21 AM - (not logged in) (72.90.68.10)> USER administrator(000018)1/25/2013 11:48:21 AM - (not logged in) (72.90.68.10)> 331 Password required for administrator(000018)1/25/2013 11:48:21 AM - (not logged in) (72.90.68.10)> PASS *****(000018)1/25/2013 11:48:21 AM - administrator (72.90.68.10)> 230 Logged on(000018)1/25/2013 11:48:21 AM - administrator (72.90.68.10)> CWD /(000018)1/25/2013 11:48:21 AM - administrator (72.90.68.10)> 250 CWD successful. "/" is current directory.(000018)1/25/2013 11:48:21 AM - administrator (72.90.68.10)> TYPE A(000018)1/25/2013 11:48:21 AM - administrator (72.90.68.10)> 200 Type set to A(000018)1/25/2013 11:48:21 AM - administrator (72.90.68.10)> PASV(000018)1/25/2013 11:48:21 AM - administrator (ip.ip.ip.ip.ip)> 227 Entering Passive Mode (72,90,69,2,10,125)
Here's what the Log shows when I hit the FTP server from the outside...
6
Jan 25 2013
08:48:52
72.90.68.10
39185
72.90.69.2
21
Deny TCP (no connection) from ip.ip.ip.ip/39185 to outsideinterfaceip/21 flags PSH ACK on interface External
Does that help?
Thanks again? Cyclist eh? Nice, that's my latest passion and it will probably send me to the poor house with the amount of times I crash.

WLS81sp6 and webservices ssl issues ?

Hi,
We have a simple webservice(via clientgen) that makes calls to a third party ssl based webservice. Under WLS8.1sp4+CRs it worked. We upgraded to 8.1sp6 and it has stopped working. The http portion works, the https portion takes a real long time. We have opened a ticket(70892) with BEA, but have not gotten any solutions. Our only choice is to roll back to 8.1sp4 or switch to JBoss 3.2.3
Is the log we see the following...
HANDSHAKEMESSAGE: Certificate>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
We have the following options added:
-Dweblogic.webservice.client.ssl.strictcertchecking=false
-Dweblogic.security.SSL.enforceConstraints=false
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.verbose=true
-Dweblogic.StdoutDebugEnabled=true
-Dssl.debug=true
The JDK we use is in c:\bea\jdk142_11\
Here is the full log
start - weblogic
<Mar 19, 2007 8:52:21 PM EDT> <Debug> <TLS> <000000> <SSL/Domestic license found>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE KeyAgreement: SunJCE version 1.42 for algorithm DiffieHellman>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default KeyAgreement for algorithm DiffieHellman>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default KeyAgreement for algorithm ECDH>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Using JCE Cipher: SunJCE version 1.42 for algorithm DESede/CBC/NoPadding>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Using JCE Cipher: SunJCE version 1.42 for algorithm DES/CBC/NoPadding>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Using JCE Cipher: SunJCE version 1.42 for algorithm AES/CBC/NoPadding>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:22 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RSA/ECB/PKCS1Padding>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RSA/ECB/NoPadding>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSL Session TTL :90000>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 20983130>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:23 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received HANDSHAKE>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm MD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RSA/ECB/PKCS1Padding>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 134>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received CHANGE_CIPHER_SPEC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received HANDSHAKE>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 38>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 26>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 37>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 62>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 2>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=0, length=2048)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received APPLICATION_DATA: databufferLen 0, contentLength 16384>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 16384>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read B returns 2048>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <avalable(): 17818297 : 14336 + 2495 = 16831>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=1798, length=6394)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 14336>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read B returns 6394>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=0, length=8192)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 7942>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read A returns 7942>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <avalable(): 17818297 : 0 + 4210 = 4210>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=0, length=2048)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <798740 received APPLICATION_DATA: databufferLen 0, contentLength 4189>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 4189>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read B returns 2048>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <avalable(): 17818297 : 2141 + 0 = 2141>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=1798, length=6394)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read databufferLen 2141>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read A returns 2141>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <avalable(): 17818297 : 0 + 0 = 0>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
     at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
     at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
     at com.certicom.net.ssl.internal.HttpClient.closeServer(Unknown Source)
     at com.certicom.net.ssl.internal.HttpURLConnection.disconnect(Unknown Source)
     at weblogic.webservice.client.https.HttpsURLConnection.disconnect(HttpsURLConnection.java:213)
     at weblogic.webservice.tools.wsdlp.DefinitionFactory.cleanUpConnection(DefinitionFactory.java:313)
     at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:183)
     at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:76)
     at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
     at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:91)
     at com.mckesson.hef.webservice.cardiology.weblogic.GetUrlService_Impl.<init>(GetUrlService_Impl.java:22)
     at com.mckesson.hef.webservice.cardiology.weblogic.Demo.main(Demo.java:29)
>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 read(offset=0, length=1)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 20983130>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <17818297 readRecord returned -1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 20983130>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 23664622>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 received HANDSHAKE>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm MD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RSA/ECB/PKCS1Padding>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 134>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 received CHANGE_CIPHER_SPEC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Cipher for algorithm RC4>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HMACMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 SSL3/TLS MAC>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30708295 received HANDSHAKE>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacMD5>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Ignoring not supported JCE Mac: SunJCE version 1.42 for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <Will use default Mac for algorithm HmacSHA1>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 214>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 407>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <30463067 read(offset=0, length=256)>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:24 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30708295 SSL3/TLS MAC>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30708295 received APPLICATION_DATA: databufferLen 0, contentLength 695>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read databufferLen 695>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read B returns 256>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <avalable(): 30463067 : 439 + 0 = 439>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read(offset=256, length=439)>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read databufferLen 439>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read B returns 439>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
     at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
     at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
     at weblogic.webservice.binding.https.HttpsBindingInfo.closeSharedSocket(HttpsBindingInfo.java:145)
     at weblogic.webservice.binding.https.HttpsClientBinding.releaseSocket(HttpsClientBinding.java:75)
     at weblogic.webservice.binding.soap.HttpClientBinding.receive(HttpClientBinding.java:295)
     at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientHandler.java:63)
     at weblogic.webservice.core.HandlerChainImpl.handleResponse(HandlerChainImpl.java:237)
     at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:243)
     at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
     at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:471)
     at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
     at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303)
     at com.mckesson.hef.webservice.cardiology.weblogic.GetUrlServiceSoap_Stub.DoesPatientHaveStudiesWithImages(GetUrlServiceSoap_Stub.java:140)
     at com.mckesson.hef.webservice.cardiology.weblogic.GetUrlServiceSoap_Stub.DoesPatientHaveStudiesWithImages(GetUrlServiceSoap_Stub.java:161)
     at com.mckesson.hef.webservice.cardiology.weblogic.Demo.main(Demo.java:34)
>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <30463067 read(offset=0, length=1)>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Mar 19, 2007 8:52:25 PM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
Any suggestions ?

Hi,
I am having an issue after our weblogic has been upgraded to SP6 from SP3. It's giving parse error saying it does not find the an attribute called "AdminPassword" in META-INF/application-config.xml file although it's available in this this file. Any idea if there is any limitation in SP6 which is causing this error while parsing this XML file?
Please let us know.
Here is the log:
<May 4, 2007 4:58:01 AM EDT> <Error> <Management> <BEA-400400> <Error while pars
ing Application businessinfo Configuration file META-INF/application-config.xml.
weblogic.management.configuration.ConfigurationException: Unknown MBean attribut
e while parsing META-INF/application-config.xml: MCNEILPORTAL:Application=busine
ssinfo,ApplicationConfiguration=businessinfo,Name=ConsumerSecurity,Type=Consumer
Security does not have attribute "AdminPassword".
at com.bea.p13n.management.internal.lifecycle.ConfigurationParser$Config
urationHandler.parseMBeanAttributes(ConfigurationParser.java:445)
at com.bea.p13n.management.internal.lifecycle.ConfigurationParser$Config
urationHandler.startElement(ConfigurationParser.java:275)
at weblogic.apache.xerces.parsers.AbstractSAXParser.startElement(Abstrac
tSAXParser.java:419)
at weblogic.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement
(AbstractXMLDocumentParser.java:221)
at weblogic.apache.xerces.impl.XMLNamespaceBinder.handleStartElement(XML
NamespaceBinder.java:874)
at weblogic.apache.xerces.impl.XMLNamespaceBinder.emptyElement(XMLNamesp
aceBinder.java:591)
at weblogic.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartE
lement(XMLDocumentFragmentScannerImpl.java:747)
at weblogic.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentCo
ntentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1477)
at weblogic.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocume
nt(XMLDocumentFragmentScannerImpl.java:329)
at weblogic.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguratio
n.java:525)
at weblogic.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguratio
n.java:581)
at weblogic.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152)
at weblogic.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXPar
ser.java:1175)
at com.bea.p13n.management.internal.lifecycle.ConfigurationParser.parse(
ConfigurationParser.java:124)
at weblogic.management.mbeans.custom.ApplicationConfiguration.doLoad(App
licationConfiguration.java:567)
Thanks
Regrads,
Ratan Das

Issue Applying Simple Links In SharePoint 2013

Having recently migrated a site from 2010 to 2013, I have now started enhancing existing pages whilst adding new one's also.
However, I am unable to add basic links to either text or graphics in 2013? This is frustrating and bizarre.
Typically, I create a thumbnail image and host it on the appropriate SharePoint page, then copy the URL of the page I want it to point to, then add the link to the image, using the
Link feature in the ribbon.
Simple? You would think so.
However, in 2010 it worked without issue. In 2013 it permits me to perform the aforesaid actions. (I even use the
test link feature which confirms the link is correct, yet after saving the page, clicking on the thumbnail thereafter, the links points to the typical
The webpage cannot be found page.
I've not experiened this before. Having tried all obvious options I cannot currently apply links to either text or graphics in 2013 which is greatly impacting my project work.
Any ideas or suggestions very welcome.
Senninha010

Hi Sen,
What is the url when link redirects you to the typical The
webpage cannot be found page ?
Regards
Soni K

Newly Occuring CSS SSL Issue in Chrome, FF10, IE9 with L5 rules; 3 second delay, loss of L5 stickyness

We recently started suffering an issue with our CSS11501S-K9 units not performing URL stickiness on our SSL wrapped L5 rules. I've spent dozens of manhours working on the problem, and have quite a bit of information to report, including a solution. There is a high probability that anybody who uses SSL to an L5 rule on a CSS unit will become affected by this problem over the next few weeks/months as users update their browsers with new SSL patches.
We hadn't made any changes to our config in months, and eliminated hardware problems by testing a second unit.
Here are the exact symptoms we saw:
Browsers affected: Firefox 10, Chrome, IE9, others (and some earlier versions of IE depending on patch levels)
Browsers not affected: FireFox 3.5, w3m 0.5.2, curl7.19.7
Impact 1: For SSL Rules backed by L5 rules, the initial response to the first request would be 3 seconds. Further requests on the same TCP connection would not be delayed
Impact 2: L5 rules being accessed via SSL would nolonger perform any URL based stickiness. Accessing the same rule skipping SSL, would work fine
I focused on the 3 second delay, since that was a new issue and was easier to debug than monitoring multiple servers to see if stickiness was broken. This is what I found when a client tries to connect to an SSL rule that ultimately is routed to a L5 HTTP rule:
1. Client/CSS perform initial TLS handshake, crypto cyphers determined (nearly instantly)
2. Client sends HTTP 1.1 request for resource (nearly instantly)
3. 3 seconds of no traffic in our out of the CSS related to this request
4. CSS opens an HTTP connection to backend webserver, backend webserver responds (nearly instantly)
5. The CSS seems to route to the backend server using the balance method (round-robin) instead of the advanced-balance method (url)
6. Response is sent to the client with the resource (nearly instantly)
7. Future requests sent from the browser on the same TCP connection have no delay, but the advanced-balance continues to be ignored
The 3 seconds is quite an exact figure (within a few milliseconds) and appears to be entirely happening inside of the CSS unit itself, since it does not connect to the backend server until after the 3 seconds elapse. 3 seconds smelled like some sort of internal timeout set in the CSS unit after it gives up waiting for something.
Looking at the packets from affected browsers I discovered that the GET /foobar HTTP/1.1 request was being broken into two separate TLSv1 application messages, the first was 24 bytes and the second was 400 bytes. Decrypting these messages I found the first message was a
G
and the second message was:
ET /foobar HTTP/1.1
This essentially splits the initial request the client is sending into two pieces. This confuses wireshark so much, it doesn't decode this as a HTTP request, and just decodes it as "continuation or non-HTTP traffic".
On the working browsers I saw only one TLSv1 application message, decrypting it I saw:
GET /foobar HTTP/1.1
(obviously I'm simplifying the contents of the request, there were lots of headers and stuff)
I am aware that the CSS can't handle L5 rules appropriately if they get fragmented, so I suspected this was the problem. I pulled a packet trace from a few years ago, and at that time confirmed we never saw a double TLSv1 application messages before.
A number of openssl vulnerabilities were recently fixed: http://www.ubuntu.com/usn/usn-1357-1
and browsers may have been recently updated to fix some of these issues, changing the way they encode their traffic.
Solution:
Our ssl config looked something like this:
ssl-proxy-list SSL_ACCEL
ssl-server 10 vip address XX.XX.XX.XX
ssl-server 10 rsakey XXXX
ssl-server 10 cipher rsa-with-3des-ede-cbc-sha XX.XX.XX.XX 80
ssl-server 10 cipher rsa-with-rc4-128-sha XX.XX.XX.XX 80
ssl-server 10 cipher rsa-with-rc4-128-md5 XX.XX.XX.XX 80
ssl-server 10 unclean-shutdown
ssl-server 10 rsacert XXXXXX
Removing:
ssl-server 10 cipher rsa-with-3des-ede-cbc-sha XX.XX.XX.XX 80
Solves the problem. After that's removed, the browsers will nolonger fragment the first character of their request into a separate TLSv1 message. The 3 second delay goes away, and L5 stickiness is fixed. The "CBC" in the cyper refers to Cypher-Block-Chaining (a great article here:
http://en.wikipedia.org/wiki/Cipher-block_chaining), and breaking the payload into multiple packages may have been an attempt to initialize the IV for encryption -- although I'm really just guessing, I stopped researching once I verified this solution was acceptable.
This issue became serious enough for us to notice first on Monday Feb 13th 2012. We believe a number of our large customers distributed workstation updates over the weekend. The customers affected were using IE7, although my personal IE7 test workstation did not appear to be affected. It's quite possible our customers were going through an SSL proxy. I suspect as more people upgrade their browsers, this will become a more serious issue for CSS users, and I hope this saves somebody a huge headache and problems with their production environment.
-Joe

Hi Joe,
That's a very good analysis you did.
As you already suspected, the issue comes from the TLS record fragmentation feature that was introduced in the latest browser versions to overcome a SSL vulnerability (http://www.kb.cert.org/vuls/id/864643). Unfortunately, similar issues are happening with multiple products.
For CSS, the bug tracking this issue is CSCtx68270. The development team is actively working on a fix for it, which should be available (in an interim software release, so to get it you wil have to go through TAC) in the next couple of weeks
In the meantime, as workaround, you can configure the CSS to use only RC4 cyphers (which is what you were suggesting also). These are not affected by the vulnerability, so, browsers don't apply the record fragmentation when they are in use. This workaround has been tested by several customers already, and the results seem to be very positive.
Regards
Daniel

Two way SSL issue in weblogic

Hi All,
we have enabled 2 way SSL in weblogic, we have one Admin Server and one managed (soa) server version 11.1.1.5
steps we have followed:
we have imported identity certificate and key file to a custom identity store
improted trust certificates to a custom trust keystore
in weblogic consile: soa_server1-> keystires : we have updated custom identity and trust details
in weblogic consile: soa_server1-> ssl - we have updated required custom identity details and selected " Client Certs Requested And Enforced" for Two Way Client Cert Behavior.
but while testing our process we are getting below error:
we have tried openssl to test the connectivity but not sure about the output, is there any way to trace the SSL connection?
any input will be really helpful.
<AIASessionPoolManagerFault xmlns="http://xmlns.oracle.com/AIASessionPoolManager">
-<part name="summary">
<summary xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
com.oracle.bpel.client.BPELFault: faultName: {{http://xmlns.oracle.com/AIASessionPoolManager}AIASessionPoolManagerFault}
messageType: {{http://schemas.oracle.com/bpel/extension}RuntimeFaultMessage}
parts: {{
summary=<summary xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel when attempting Get operation</summary>
,detail=<detail xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel: Operation=Get.
     SessionPoolHost.getSession(Siebel,170006): getSession(Siebel,170006) failed: Thread [weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4] faild to initialize the session pool. SessionPoolHost.create() thread[weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4]: Failed to obtain a session after 3 attempts. SPM cannot successfully connect to web server Login credentials [endpoint: https://+<host>+:443/ngbeai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute&WSSOAP=1 ]
     java.lang.Throwable: SOAPException occured when requesting : javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure
     javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure.
     </detail>
,code=<code xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error</code>}
</summary>
</part>
-<part name="detail">
<detail xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Error on AIASessionPoolManager.bpel: Operation=Get.
     SessionPoolHost.getSession(Siebel,170006): getSession(Siebel,170006) failed: Thread [weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4] faild to initialize the session pool. SessionPoolHost.create() thread[weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4]: Failed to obtain a session after 3 attempts. SPM cannot successfully connect to web server Login credentials [endpoint: https://+<host>+/ngbeai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute&WSSOAP=1 ]
     java.lang.Throwable: SOAPException occured when requesting : javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure
     javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure.
</detail>
</part>
TIA,
Vivek
Edited by: 909283 on Apr 15, 2013 12:07 AM

Hi Kishor/Rene,
Thanks for the reply, we have already referred to the mentioned Oracle Note and enabled SSL debugging.
while starting Admin server we are getting below output:
Can you please confirm from below logs that SSL connection is correct, i have also provided below the error message we are getting in our process.
<Apr 2, 2013 6:49:56 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 316588026>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 105197569742293346305268
Issuer:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN= Test AD Objects CA1
Subject:C=AU, ST=NSW, L=Sydney, O=<xyz>, OU=Operations and Shared Services, CN= xyz>.com.au, EMAIL=<abcd>@<.com>
Not Valid Before:Thu Oct 11 11:00:23 EST 2012
Not Valid After:Sat Oct 11 11:00:23 EST 2014
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 458601664052503175495693
Issuer:CN=<xyz> Test Policy CA
Subject:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN=<xyz> Test AD Objects CA1
Not Valid Before:Thu Nov 10 15:24:24 EST 2011
Not Valid After:Thu Nov 10 15:34:24 EST 2016
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 105197569742293346305268
Issuer:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN=<xyz> Test AD Objects CA1
Subject:C=AU, ST=NSW, L=Sydney, O=<xyz>, OU=Operations and Shared Services, CN=<abcd>.<.com>, EMAIL=<abcd>@<.com>
Not Valid Before:Thu Oct 11 11:00:23 EST 2012
Not Valid After:Sat Oct 11 11:00:23 EST 2014
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 458601664052503175495693
Issuer:CN=<xyz> Test Policy CA
Subject:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN=<xyz> Test AD Objects CA1
Not Valid Before:Thu Nov 10 15:24:24 EST 2011
Not Valid After:Thu Nov 10 15:34:24 EST 2016
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: <abcd>.<.com>>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerKeyExchange RSA>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm MD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 70>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received CHANGE_CIPHER_SPEC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Finished>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 8>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 26>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 26>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 26>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 24>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 45>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 45>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 45>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 15>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 30>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 30>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 30>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 18>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 23>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 23>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 23>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 20>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 41>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 41>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 41>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 7>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 13>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 13>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 13>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLLayeredSocket.close(Unknown Source)
at weblogic.nodemanager.client.NMServerClient.disconnect(NMServerClient.java:276)
at weblogic.nodemanager.client.NMServerClient.done(NMServerClient.java:138)
at weblogic.nodemanager.mbean.NodeManagerRuntime.getState(NodeManagerRuntime.java:423)
at weblogic.nodemanager.mbean.NodeManagerRuntime.getState(NodeManagerRuntime.java:440)
at weblogic.server.ServerLifeCycleRuntime.getStateNodeManager(ServerLifeCycleRuntime.java:752)
at weblogic.server.ServerLifeCycleRuntime.getState(ServerLifeCycleRuntime.java:584)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.management.jmx.modelmbean.WLSModelMBean.getAttribute(WLSModelMBean.java:525)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(DefaultMBeanServerInterceptor.java:666)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(JmxMBeanServer.java:638)
at weblogic.management.mbeanservers.domainruntime.internal.FederatedMBeanServerInterceptor.getAttribute(FederatedMBeanServerInterceptor.java:308)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.getAttribute(JMXContextInterceptor.java:157)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.getAttribute(SecurityInterceptor.java:299)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.getAttribute(WLSMBeanServer.java:279)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$5$1.run(JMXConnectorSubjectForwarder.java:326)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$5.run(JMXConnectorSubjectForwarder.java:324)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.getAttribute(JMXConnectorSubjectForwarder.java:319)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1404)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1367)
at javax.management.remote.rmi.RMIConnectionImpl.getAttribute(RMIConnectionImpl.java:600)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1035_WLStub.getAttribute(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.getAttribute(RMIConnector.java:878)
at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:263)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:504)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
at $Proxy138.getState(Unknown Source)
at com.bea.console.actions.core.server.ServerTableAction.populateServerRuntimeTableBean(ServerTableAction.java:365)
at com.bea.console.actions.core.server.ServerTableAction$ServerTableWork.run(ServerTableAction.java:498)
at weblogic.work.commonj.CommonjWorkManagerImpl$WorkWithListener.run(CommonjWorkManagerImpl.java:203)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 316565651>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 316588026>
error in bpel process:
summary=<summary xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel when attempting Get operation</summary>
,detail=<detail xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel: Operation=Get.
SessionPoolHost.getSession(Siebel,190001): SessionPoolHost.create() thread[weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@16670d1d]: Failed to obtain a session after 3 attempts. SPM cannot successfully connect to web server Login credentials [endpoint: https://<host>:443/eai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute&WSSOAP=1 ].
java.lang.Throwable: SOAPException occured when requesting : javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure
javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure</detail>
,code=<code xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error</code>}
</summary>
TIA,
Vivek
Edited by: 909283 on Apr 15, 2013 12:08 AM

Issue in simple Iview creation

Hi Friends,
I am going to develop IView, Page, workset, Role, and assigning the Role to the user.
I created all these four and User, just I added one by one like Iview to page, page to workset, workset to Role and assigned Role to User.
Now If I open the portal with user, It is showing page not found.
Could you please help me in this.
Regards,
Lakshmi Prasad.

I have enable all Entry point for iview, workset, roles, etc. However still nothings works.
The tab of the respective role did not display at all. Standard SAP role is working. Only custom ones are not.
I have no much idea after trying to fine what's the issue.
Hoping someone could help me out.
Thanks.

Performance issue of simple mapping

Hi All,
We cretated one simple mapping the details are as follows:
01. We had created on public dblink in Oracle 11g pointing to sqlserver
02. By using the publicdblink we create one view at Oracle 11g. This view acts as a source in my mapping.
03. We imported the above view just pointed to target table. We not used any transformations in between.
SOURCE ----->TARGET TABLE A
If we generate the code of mapping select statement and try to execute it will retrievewing results with in 7 minutes approximately. If we take insert code generation and try to execute it is continuosly running.
We tried by change the configuration for Default mode from Set based fail over to rowbased and set based and we checked Analyze table statement. But not succeeded.
Can you please suggest how we resolve this issue.
Let us what kind of hints we can use to reduce the execution time of mappings.
Regards,
Ava

Hello Oleg,
Please find the scripts as follows:
01. Creation of view in my source schema:
CREATE OR REPLACE FORCE VIEW SOURCE_SCHEMA.SOURCE_A_VW (
"DocID",
"License",
"SiteCode",
"ActivationCode",
"TimesChanged",
"HostName",
"Quantity",
"DiskVolSN",
"OriginalOrderNo",
"HouseOrderNo",
"LicenseID",
"LicenseNotes",
"LicenseSNs",
"Comments",
"Created_Date"
AS
SELECT "DocID",
"License",
"SiteCode",
"ActivationCode",
"TimesChanged",
"HostName",
"Quantity",
"DiskVolSN",
"OriginalOrderNo",
"HouseOrderNo",
"LicenseID",
"LicenseNotes",
"LicenseSNs",
"Comments",
"Created_Date"
FROM A.SOURCEA@DBLINK;
GRANT SELECT ON SOURCE_SCHEMA.SOURCE_A_VW TO TARGET_SCHEMA;
02. We tested with the following select query from Mapping code and we are able to retrieve in 7 Minutes.
SELECT
"SOURCE_A_VW"."DocID" "DOCID",
"SOURCE_A_VW"."License" "LICENSE",
"SOURCE_A_VW"."SiteCode" "SITECODE",
"SOURCE_A_VW"."ActivationCode" "ACTIVATIONCODE",
"SOURCE_A_VW"."TimesChanged" "TIMESCHANGED",
"SOURCE_A_VW"."HostName" "HOSTNAME",
"SOURCE_A_VW"."Quantity" "QUANTITY",
"SOURCE_A_VW"."DiskVolSN" "DISKVOLSN",
"SOURCE_A_VW"."OriginalOrderNo" "ORIGINALORDERNO",
"SOURCE_A_VW"."HouseOrderNo" "HOUSEORDERNO",
"SOURCE_A_VW"."LicenseID" "LICENSEID",
"SOURCE_A_VW"."LicenseNotes" "LICENSENOTES",
"SOURCE_A_VW"."LicenseSNs" "LICENSESNS",
"SOURCE_A_VW"."Comments" "COMMENTS",
"SOURCE_A_VW"."Created_Date" "CREATED_DATE"
FROM
"SOURCE_SCHEMA"."SOURCE_A_VW" "SOURCE_A_VW"
03. We tested with the following Insert query from Mapping code and continuosly running.
INSERT
INTO
"TARGET_A" "TARGET_A"
("DOCID",
"LICENSE",
"SITECODE",
"ACTIVATIONCODE",
"TIMESCHANGED",
"HOSTNAME",
"QUANTITY",
"DISKVOLSN",
"ORIGINALORDERNO",
"HOUSEORDERNO",
"LICENSEID",
"LICENSENOTES",
"LICENSESNS",
"COMMENTS",
"CREATED_DATE")
(SELECT
"SOURCE_A_VW"."DocID" "DOCID",
"SOURCE_A_VW"."License" "LICENSE",
"SOURCE_A_VW"."SiteCode" "SITECODE",
"SOURCE_A_VW"."ActivationCode" "ACTIVATIONCODE",
"SOURCE_A_VW"."TimesChanged" "TIMESCHANGED",
"SOURCE_A_VW"."HostName" "HOSTNAME",
"SOURCE_A_VW"."Quantity" "QUANTITY",
"SOURCE_A_VW"."DiskVolSN" "DISKVOLSN",
"SOURCE_A_VW"."OriginalOrderNo" "ORIGINALORDERNO",
"SOURCE_A_VW"."HouseOrderNo" "HOUSEORDERNO",
"SOURCE_A_VW"."LicenseID" "LICENSEID",
"SOURCE_A_VW"."LicenseNotes" "LICENSENOTES",
"SOURCE_A_VW"."LicenseSNs" "LICENSESNS",
"SOURCE_A_VW"."Comments" "COMMENTS",
"SOURCE_A_VW"."Created_Date" "CREATED_DATE"
FROM
"SOURCE_SCHEMA"."SOURCE_A_VW" "SOURCE_A_VW"
Please let me know if you have any concerns on the above scripts.
Regards,
Ava

RMI/SSL Java 5: simple answer for simple app?

I have a very simple RMI application (no dynamic class loader, no security manager, no rmiregistry), which I'd like to run with SSL. I'm using Java 5 and want to use the standard socket factories but haven't found a clear example of how to do it; I've run into what's probably a trivial problem.
My current code looks something like
public class X extends UnicastRemoteObject {
    public void startServer(String url, int port) {
        System.setProperty("java.rmi.server.ignoreStubClasses", "true");
         LocateRegistry.createRegistry(port);
         Naming.rebind(url,server);
}This works properly.
To use SSL, I changed the createRegistry call to
    LocateRegistry.createRegistry(port,
                    new SslRMIClientSocketFactory(),
                    new SslRMIServerSocketFactory());However, with this change, the rebind call throws an exception:
startServer: java.rmi.ConnectIOException: non-JRMP server at remote endpoint
java.rmi.ConnectIOException: non-JRMP server at remote endpoint
     at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:217)
     at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
     at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
     at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
     at java.rmi.Naming.rebind(Naming.java:160)
        ...Any idea of what I'm doing wrong?
Thanks

This should be in a new thread.
java.rmi.server.RMISocketFactory.setSocketFactory(new
RmiSecureSocketFactory());Delete this line. It calls a deprecated method which is 6 years out of date, and you are only calling it at the server, so of courseyour client is speaking JRMP, not JRMP/SSL, to the server, as the exception says. You should be using RMIServerSocketFactory and RMIClientSocketFactory, as follows (and as per the samples that come with your JDK):
this.rmiProcessor = new SamlProcessorImpl();Make sure that SamIProcessorImpl() calls
super(port, new RmiSSHClientSocketFactory(), new RmiSSHClientSocketFactory());
LocateRegistry.createRegistry(port);
LocateRegistry.getRegistry(port).bind(bindName, rmiProcessor);Now you're creating a JRMP registry, but your client expects a JRMP/SSL registry. Change this to
Registry reg = LocateRegistry.createRegistry(port, new RmiSSHClientSocketFactory(), new RmiSSHClientSocketFactory());
reg.bind(bindName, rmiProcessor);
the RmiSecureSocketFactory returns sslsockets and
when running the server i pass these options
-Djavax.net.ssl.trustStore=pdp.keystore
-Djavax.net.ssl.keyStore=pdp.keystore
-Djavax.net.ssl.keyStorePassword=*******This won't do at the server. The server socket factory must initialize an SSLContext with a non-null KeyManagerFactory which uses these keystore attributes, and create the SSLServerSocket from the context's SSLServerSocketFactory. This seems to be an error in the JDK javadoc.
rmiServer = (RmiProcessor)
miProcessor) LocateRegistry.getRegistry(hostName,
port,
new RmiSSHClientSocketFactory()).lookup(serverBindName);This is OK.
good luck

Mod_osso and ssl issue

running Oracle AS 10g (10.1.2).
I have protected a directory with mod_osso (in mod_osso.conf).
<Location /directory/*>
require valid-user
AuthType Basic
</Location>
I navigate to https://mydomain/directory, and it redirects to the SSO asking for my password as it should. I enter my details and submit... it then hangs and eventually reports "No response from web server....".
I notice the URL is :
http://domain/osso_login_success?urlc=v1.4~8DE....
If I change it to https it works fine... so I need to configure the sso server to redirect to the ssl URL ....any ideas how ???
thanks.

I know this thread is over a year old, but I am having this very same issue, so I'd like to revive it and get an answer after all....

Web Service Using SSL issue

I have a web service that has been working fine using http. Just switched over to SSL using the <WLHttpsTransport> tag on the jwsc ant command. Now I get the following error at runtime: Any ideas/suggestions? Thanks in advance - Craig
16:22:27,953 INFO [STDOUT] Caused by: java.lang.NoClassDefFoundError: org/apache/tools/ant/BuildException
16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.internal.TylarJ2SBindingsBuilderImpl.<init>(TylarJ2SBindingsBuilderImpl.java:87)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.J2SBindingsBuilder$Factory.newInstance(J2SBindingsBuilder.java:30)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.ExceptionUtil.<clinit>(ExceptionUtil.java:48)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.FaultUtil.exception2Fault(FaultUtil.java:230)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.message.soap.SoapMessageContext.setFault(SoapMessageContext.java:102)

I thought I would post an update since I found a solution. The problem was a ClassCast exception in a part of the SSL stack, that wanted to use the ant BuildException class. This has the effect of hiding the real issue which was that the SSL connection was not successfully occuring. The real problem was that the SSL connection started with a WSDL retrieved via SSL, but the connection for the port was through a username/password. When a username/password is used to create a port, the WL stack falls back to http and causes a ClassCast exception on weblogic.wsee.connection.transport.http.HttpTransportInfo. The solution is to create an https transport object when the service impl is created:
HttpsTransportInfo transport = new HttpsTransportInfo ();
transport.setUsername (user.getBytes ());
transport.setPassword (pass.getBytes ());
gServiceImpl = new PersistenceManagerService_Impl (url, transport);
and to create the port without parameters:
port = getServiceImpl ().getPersistenceManagerServicePort ();
This allows one-way SSL with username/password for the connection.

SOA Suite - " usermessagingdriver-email " & SSL issue.

Hi All,
We are about to install SSL certificate on Weblogic 10.3.6 server ( built in windows ). We have followed the below steps to install and configure the SSL certificate.
1. Created a Keystore
2. Generated a Certificate Signing Request (CSR)
3. Sent the CSR to a Certificate Authority (CA)
4. Imported the Trusted CA Certificate(s) - 3
5. Imported the Server Certificate - 1
6. Configured WebLogic Server for SSL ( filled required values under Keystore and SSL tab , Als enabled the SSL port as 443 ).
7. As a final step,We have restarted the managed server where SSL requires to install. However we have been thrown with below error in managed server.log ( Server is started to run with the protocols iiop, t3, ldap, snmp, http not with https ).
Error
####<Nov 11, 2013 8:37:52 PM CET> <Error> <Security> <XXXXX> <soa_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1384198672574> <BEA-090132> <Could not open the keystore file D:\oracle\Middleware\Keystores for read access. Exception: java.io.FileNotFoundException: D:\oracle\Middleware\Keystores (Access is denied)>
####<Nov 11, 2013 8:37:52 PM CET> <Alert> <Security> <DNSAPPCPH601> <soa_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1384198672574> <BEA-090166> <Failed to load identity keystore of type JKS from file D:\oracle\Middleware\Keystores on server soa_server1>
####<Nov 11, 2013 8:37:52 PM CET> <Error> <WebLogicServer> <XXXXXX> <soa_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1384198672574> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to load identity keystore of type JKS from file D:\oracle\Middleware\Keystores on server soa_server1>
Deployment status ( We installed SOA server under weblogic )
After the restart of managed server , We could see one of the application (usermessagingdriver-email ) moved to prepared status. This was in good health status before the restart.
When we are starting the application.It throws below error in the top of the admin console.
The run-as security principal, 'OracleSystemUser', chosen for the EJB 'DriverDispatcherBean(Application: usermessagingdriver-email, EJBComponent: sdpmessagingdriver-dispatcher-ejb.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use
Can anyone please suggest how shall we go further.

Hi All,
I have sorted the above Access denied issue by navigating the proper path in Admin Console. Have configured the SSL certificate now..( but request is to install two way SSL ). However have installed server certificate alone with the root and intermediate certs. After executing the below steps...
1. Created a Keystore
2. Generated a Certificate Signing Request (CSR)
3. Sent the CSR to a Certificate Authority (CA)
4. Imported the Trusted CA Certificate(s) - 3
5. Imported the Server Certificate - 1
6. Configured WebLogic Server for SSL ( filled required values under Keystore and SSL tab , Also enabled the SSL port as 443 ).
7. We have restarted the managed server where SSL requires to install.
8. Modified the SSL > Two way Client cert Behaviour > Client Certs Requested But Not Enforced , this option was enabled ( PS ! We are not yet install client certificate ).
Could see the log entries like below
<Nov 14, 2013 3:44:12 PM > <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file D:\oracle\Middleware\Keystores\keystore.jks.>
<Nov 14, 2013 3:44:12 PM > <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 10.123.1.141:443 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Nov 14, 2013 3:44:12 PM > <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[1]" is now listening on 0:0:0:0:0:0:0:1:443 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Nov 14, 2013 3:44:12 PM > <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[2]" is now listening on 127.0.0.1:443 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
Even though when we tried to access the URL ( https://hostname.local:443/benefits) we got the below error.
There is a problem with this website's security certificate.
We recommend that you close this webpage and do not continue to this website.
> Click here to close this webpage.
> Continue to this website (not recommended).
> More information
If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.
For more information, see "Certificate Errors" in Internet Explorer Help.
Can anyone please suggest me the flow to install two way ssl certificate in weblogic 10.3.6 ?
Thanks
Lakshmanan

Xcelsius 2008 : BO XI SSL ISSUE

Post Author: FLugand
CA Forum: Xcelsius and Live Office
BO XI R2 SP2 with SSL certificate.
We have an issue with IE and the URL button. The URL doesn't load.
https://server:8443/businessobjects/enterprise115/desktoplaunch/opendoc/openDocument.jsp?sDocName=aTest2008
And it works with Firefox. It also works with IE without SSL on our BOXI server.

Post Author: FLugand
CA Forum: Xcelsius and Live Office
I've changed my response header to :
response.setHeader("Cache-Control","no-store");response.setHeader( "Pragma", "public" );
And it works fine.
My last issue with Xcelsius 2008 is the XML Data variable name resolution. It works with the position of the variable in the XML file but not with their names. In the "Connection Refresh - XML.xlf" from the user guides samples, I've changed the variable name from Range_0 to Dummy and it still works !
Do you know if it will be corrected in the july release ?

Possible Safari wildcard SSL issue

I really hope this is the right venue for this sort of thing. This is my first post here, so please forgive me if this is not the place.
That said, I think that I have run into an issue with the way that wildcard SSL is handled in Safari.
I have an SSL cert for *.sld.tld (a wildcard cert) I expect the cert to operated properly with 'www.some.sld.tld' under SSL but interestingly, that won't work under Safari.
I'm sorry to be dry and cite RFPs, but I think it best illustrates the problem and perhaps why both Firefox and Opera will allow for the above as valid in SSL with a wildcard cert.
The author for RFC2818 (which is the RFC I think that most folks will probably point to regarding this issue) says "Matching is performed using the matching rules specified by [RFC2459]." and then goes on to give some examples.
RFC2459 says, "For URIs, the constraint applies to the host part of the name. The constraint may specify a host or a domain. Examples would be "foo.bar.com"; and ".xyz.com". When the the constraint begins with a period, it may be expanded with one or more subdomains. That is, the constraint ".xyz.com" is satisfied by both abc.xyz.com and abc.def.xyz.com. However, the constraint ".xyz.com" is not satisfied by "xyz.com". When the constraint does not begin with a period, it specifies a host. " - Page 35 RFC 2459
and this:
"DNS name restrictions are expressed as foo.bar.com. Any subdomain satisfies the name constraint. For example, www.foo.bar.com would satisfy the constraint but bigfoo.bar.com would not." - Same page RFC 2459
Specifically, if you substitute 'abc' with 'www' in this phrase from above -".xyz.com" is satisfied by both abc.xyz.com and abc.def.xyz.com., you pretty much get what I want to have happen in Safari. Specifically, www.sld.tld and www.def.sld.tld would be both valid for HTTPS requests using the wildcard *.sld.tld SSL certificate.
If I have DNS control of a domain and I have a wildcard cert for that domain, then really based on logic and the RFC cites above, any valid DNS sub domain under the controlled domain should be available for SSL.
Tell me where I am going wrong here. Or, if I actually found a problem, please fix the bug when you can.
I don't wish to be accused of self promotion, so I won't list my real world URL example here, however if someone at Apple would like to have it, they are welcome to contact me and I will provide a direct example of the problem.
Thanks,
CommerceCompany

I have not independently researched the RFCs, but I am running into a similar problem and require a similar solution as you request. In my case, the issue arises in Mail.app instead of Safari.
I found the following reference in another forum, which would indicate that this person's interpretation of the RFC for wildcard domains in certificates is that an asterisk (*.foo.com) is only valid at one sub level (this interpretation is opposite yours, unfortunately). This behavior seems counter-intuitive, and I, like you, would hope that it would match all sub levels under foo.com.
http://www.dreamhoststatus.com/2007/06/17/ssl-certificate-renewal-for-most-custo mers/#comment-42283
In my case, I am trying to secure mail connections using SSL in Mail.app when connecting to a mail server hosted by a hosting company (MediaTemple.net). Their hosting domain is gridserver.com, and their SSL cert is for *.gridserver.com. Their hosted mail servers are provided via machine names similar to the following:
myhosteddomain.com.myaccountnumber.gridserver.com
Even after storing the *.gridserver.com cert in my keychain appropriately, this will not match in Mail.app.
Other forums (including the one above) seem to indicate that other mail clients honor the wildcard match for all manner of subdomains, regardless of whatever the 'correct' interpretation of the RFCs are. I hope that Apple will either set us straight on an appropriate way to achieve this, set us straight on why it is a dangerous thing to do, or consider modifying their certificate matching in Mail and Safari, etc., to support these subdomain issues.

SSL issues hopefully simple

Similar Messages

Maybe you are looking for