Auto Restart for SSL-enabled Servers
Hi all,
I was just wondering if there is a way to automate the restart of servers that are running SSL without putting the password in plain text in the start script? We're running SUNOne Web Server 6.1 on Linux.
Thanks!
password.conf is to be used precisely for this scenario.....
Having passwords in plain text is not bad as long as the file having the passwords is properly protected by file system permissions.
Check out http://docs.sun.com/source/819-0130/agcert.html
Similar Messages
-
Can port 25 be used for SSL-enable SMTP server ?
Hi,
Our customer is using port 25 for a SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception thrown:
DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
1) with port 25, got the same exception as above;
2) with port 465, worked fine;
3) with any other randomly pick up valid port, worked fine.
This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
Your help will be appreciated.Yes, port 25 is intended for non-SSL servers only, although that doesn't
prevent a client from making a plain text connection and then using the
STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
supports that usage.
You can configure JavaMail to use port 25 for SSL connections if you
really want to. JavaMail 1.3.x requires you configure an appropriate
socket factory to get SSL connections; you can configure whatever port
you want for use with that socket factory. -
Auto Restart in IBM MCS Servers.
Hi,
we are using the below servers in implementing the Cisco Contact Center.
how can we check whether these servers supports auto restart in temporary power failure. For instance, the servers should be able to automatically restart following a power failure.
MCS-7845-I3-CCE1
MCS-7825-I4-CCX1
MCS7825I4-K9-CMC2
MCS7825I4-K9-UCB1
Also, do we need any separate software to support this feature.
Regards,
NS...Hi, NS.
I'm sorry to see you were not able to find the information or assistance you were looking for here in the Contact Center community forum.
May I suggest that you re-post your question on the IP Telephony forum? General MCS hardware questions are often posted and answered there.
Thank you, and good luck.
-Paulo -
How to set value for Next Auto Restart for components
Hi All
When I checked my SPS13 portal in component monitoring area, I found that one of file server repository etc is not running. To get rid of the problem, we had to restart the portal.
On the same page there is a column for Next Auto Restart which was empty. Any idea where do we set it so that we do not have to restart entire portal for such kind of error.
Any help will be appreciated.
Regards
Prabhakar LalQuoting a mail by Akhilesh:
"Until EP6 SP2 you could have done this via
System Administration -> System Configuration -> Monitoring Configuration,
but this iView was deleted in SP3 and now this configuration needs to be done using the VA
In the VA navigate to Server -> Services -> Monitoring
In the Monitor Tree navigate to Root -> Applications -> KMC - > Repository Framework -> Components -> Repository Manager
You can set the "next auto restart" parameter for managers individually."
Regards, Karsten -
Import Endeca View Graph Error Out ( for SSL enable Endeca Server)
Hi All
I have almost 6+ views in my data domain , and I am trying to Import the View definition ( as we need to Reset the data domain) , But my Import view graphs Error out with below Error
ERROR [WatchDog_0] - Component [Prepare View Stream:PREPARE_VIEW_STREAM] finished with status ERROR.
Message: Transform failed!
Interpreter runtime exception in function substring on line 7 column 19
String index out of range: -1
ERROR [WatchDog_0] - Error details:
org.jetel.exception.JetelRuntimeException: Component [Prepare View Stream:PREPARE_VIEW_STREAM] finished with status ERROR
Any help to resolve this error will be great
thanks
SrHi Patrick
Thanks for update . You are right , this issue is related to Index of arry rather than SSL . Now I have another issue and in case you have any solution do share .
As workaround , I just replace
validatedSemanticEntity with semanticEntity
and listEntitiesResponse with putEntities ,in the file generated by my Export view Graph .
I have created another New graph with 2 compoenets
1.Read File - that will read my modified file
2. Web Service Client - input to this Web Service Client is Read file compoment (#1) and in this Web Service Client I am calling {http://www.endeca.com/endeca-server/sconfig/3}SConfig#SConfigPort#putEntities.
On execution graph is not throwing any Error , but I still not able to see my views. Expectation are , one execution this graph will created custom views .
Do I need to Reboot the Endeca Server ?.
whole idea is to Import view definition and Export those into another domain .
Regards
Sr -
Non-ACC client for WSIT enabled services
Hallo All,
Can anyone tell me how I could develop a non-ACC java client for SSL enabled web service/Reliable Messaging enabled web services.
As of now, I am able to access these services with clients deployed in ACC containers of Glassfish V2UR1.
I read some thing about glassfish connectors, but did not get a clear picture. I don't believe that Glassfish doesn't have support for non-ACC clients.
Thanks a lot in advance.Hallo All,
Can anyone tell me how I could develop a non-ACC java client for SSL enabled web service/Reliable Messaging enabled web services.
As of now, I am able to access these services with clients deployed in ACC containers of Glassfish V2UR1.
I read some thing about glassfish connectors, but did not get a clear picture. I don't believe that Glassfish doesn't have support for non-ACC clients.
Thanks a lot in advance. -
How do i restart slapd with SSL enabled?
I am running 5.2 with patch 3 for solaris 8. I want to restart slapd using the restart-slapd command. However the problem is, with SSL enabled, I need to manually intervene and enter in the token password. Is there any way to get around this?
This wouldnt be an issue if i didnt have to automate the slapd restarts.
Thanks.
-SowserIf you haven't already, create a file as <serverRoot>/alias/slapd-<instance>-pin.txt and add the following to it
Internal (Software) Token:yourcertdbpasswd
Once done you will be able to avoid any manual intervention. This procedure is documented in the Admin guide -
How to Enable Auto-Complete for All users on Terminal Server
Hello,
I have 4 Microsoft 2003 Terminal Servers, and I want to enable Auto-Complete for all users, and I am unable to find a way to do this. I have tried creating a custom install of Adobe Reader, and installing that, but it isn't working. Ideas anyone?
Thanks in advanced
DougAcrobat is not permitted to run as a server process.
Licenses are assigned to individual users, each of whom must have their own serialized copy. -
ASA 5505
ASA Version 9.0.(2)
Suddently on the webvpn Interface when i click on my web bookmarks (and java launches in browser) i get this fail in Chrome and FF 'It has take a while for SSL VPN Relay til load. You need to verify Java is enabled in your browser' and nothing happens...
Java IS enabled and running. Tried this in both 7.45 and 7.51
No problem in IE 11 and java 7.45 and 7.51
I've googled alot but have not been able to find any suggetions
Hope you have a solution
Best Regards.Any resolution on this? Firefox/Chrome my cifs work but smart tunnel RDP doesn't, and in IE my shares don't work but RDP smart tunnel does....
Cisco, if you're not going to do something good, just don't do it. The SSL VPN is a hack job. -
To support certficate based client authentication using 2-way SSL from a standalone java application which uses JNDI and JSSE1.0.2 to connect to an SSL enabled LDAP Server how do we configure the certmap.conf?Is there any additional setup required at the LDAP Server side apart from enablinf SSL with the option"Required Client Authentication" enabled.The 2 way SSL handshake goes through but the access log file (After configuring the certmap.conf for the issuer DN of the client certficate etc..)shows SSL failed to LDAP DN?But inspite of this access log error the Java client does get an SSL Connection object with which it is able to connect to the LDAP.IS the certmap.conf file being looked up by the LDAP Server at all?
have you out.flush() and out.close() before you call connection.getInputStream()?
-
My auto install for Premiere Elements failed and told me i needed to do a restart and try installing again. Having restarted my laptop, how do I install the software? There are two .exe files in the folder - oem and start-up. Which should i run?
thanksfor windows you should have an exe and a 7z file. put both in the same directory and double click the exe.
Downloadable installation files available:
Suites and Programs: CC 2014 | CC | CS6 | CS5.5 | CS5 | CS4, CS4 Web Standard | CS3
Acrobat: XI, X | 9,8 | 9 standard
Premiere Elements: 13 | 12 | 11, 10 | 9, 8, 7 win | 8 mac | 7 mac
Photoshop Elements: 13 |12 | 11, 10 | 9,8,7 win | 8 mac | 7 mac
Lightroom: 5.7.1| 5 | 4 | 3
Captivate: 8 | 7 | 6 | 5.5, 5
Contribute: CS5 | CS4, CS3
Download and installation help for Adobe links
Download and installation help for Prodesigntools links are listed on most linked pages. They are critical; especially steps 1, 2 and 3. If you click a link that does not have those steps listed, open a second window using the Lightroom 3 link to see those 'Important Instructions'. -
Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled
Hi
We are performing LDAPSync for OIM AD real time sync.We have done all configuration as per oracle documentation on LDAPSync for OIM 11gR2 : http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version OIM 11gR2 PS1 (11.1.2.1.0).
WE have performed LDAPSync enablement on postinstallation of OIM .So we dont have OVD , we have configured libOVD as mentioned in this doc.
We have performed following steps mentioned in this document in our OIM environment.
3.1 Enabling Post installation LDAP Synchronization
3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
As attribute like password might be not getting updated in AD from OIM , we have configured SSL enabled integration in LDAP sync as mentioned in above document.
We implemented this step 3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
but here it is not properly mentioned that about how to import public key certificate of AD into OIM envirioment for SSL.
We are getting following error message in logs : Looking at logs it looks like the import of AD SSL certificate did not happen properly in OIM environment. But ,we have imported it using keytool and OVD keystore ...please let us know if we are missing any configuration in this process.Above oracle document is not pretty clear on this.
<Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
<Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
<Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2] Unable to create connection to ldap://[10.88.164.231]:636 as null.
javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
...more
Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
...more
Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
at sun.security.validator.Validator.getInstance(Validator.java:161)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
Let us know for any helpful pointers on this
Thanks in advance,
RPB25Use the steps given below to perform import public key certificate of AD into OIM envirioment for SSL
Obtain the AD Certificates from the AD Administrator.
Copy the AD Certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
Run the following command to import all the certificates
/jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystorecacerts -storepasschangeit
4. The CA certificates are now present in the trust store. -
SSL Enabling Shared Services and Active Directory
The SSL config guidfe suggests that a valid certificate (CA) must be issue for User directories (MSAD/LDAP), Web and application servers. Is it essential to obtain a CA for for MSAD as well? Can we do without MSAD cert? We have the certs for our Web and App layers ready. We are not sure if the IT department has SSL configured MSAD. If MSAD/LDAP is not SSL configured - can we still go about SSL-Enabling Hyperion? Thanks.
-- SriniIf your MSAD is set for SSL, you can import their certificates through your Java Application Server. Since you are unsure, I would set up MSAD and if you are able to browse for users on the AD domain in Shared Services, you are good to go.
I must say that SSL is a big pain from my point of view. Unless you are required to encrypt because of the data you have stored, I would pass it up. The certificates often expire on a yearly basis and there are many different certificates to keep track of. Multiply that by Development, Prod, BCP or Recovery server, and you're looking at lots of maintenance.
The big pain comes when the signer certificate for your server expires because after the next reboot or restart of your JVMs, Shared Services starts up but none of the other applications can talk to it which means your whole application is down until you get that certificate fixed. My organization is fairly strict on their controls, so that means that I either make a federal case out of my system being down or I get to wait three days for a change request. Big pain in the rear. -
Auto restart node manager connection
Hi,
when we try to restart all server with auto restart scripts way.following error come:-
[oracle@acldlu01oam bin]$ cd /home/oracle/scripts/AutoRestart/
[oracle@acldlu01oam AutoRestart]$ ls
AdminServer.py config ServerStatus.py startManualNode.sh startupOAM.sh
bin security ServerStop.py startScripts.sh
[oracle@acldlu01oam AutoRestart]$ ./startScripts.sh status
CLASSPATH=/u01/oracle/Middleware/patch_wls1036/profiles/default/sys_manifest_cla sspath/weblogic_patch.jar:/u01/oracle/Middleware/patch_ocp371/profiles/default/s ys_manifest_classpath/weblogic_patch.jar:/u01/oracle/jdk1.7.0_67/lib/tools.jar:/ u01/oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/u01/oracle/Middl eware/wlserver_10.3/server/lib/weblogic.jar:/u01/oracle/Middleware/modules/featu res/weblogic.server.modules_10.3.6.0.jar:/u01/oracle/Middleware/wlserver_10.3/se rver/lib/webservices.jar:/u01/oracle/Middleware/modules/org.apache.ant_1.7.1/lib /ant-all.jar:/u01/oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ ant-contrib.jar::/u01/oracle/Middleware/utils/config/10.3/config-launch.jar::/u0 1/oracle/Middleware/wlserver_10.3/common/derby/lib/derbynet.jar:/u01/oracle/Midd leware/wlserver_10.3/common/derby/lib/derbyclient.jar:/u01/oracle/Middleware/wls erver_10.3/common/derby/lib/derbytools.jar::
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to Node Manager ...
<Feb 24, 2015 11:16:12 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable thi s check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Feb 24, 2015 11:16:12 PM CST> <Info> <Security> <BEA-090906> <Changing the defa ult Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disabl e this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 E ntrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Ent rust\, Inc.,C=US". The loading of the trusted certificate list raised a certific ate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1 .2.840.113549.1.1.11.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US ". The loading of the trusted certificate list raised a certificate parsing exce ption PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1. 1.11.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=thawte Primary Root CA - G2,OU=(c) 2007 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US". The loading of the trusted certi ficate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.10045.4.3.3.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO". T he loading of the trusted certificate list raised a certificate parsing exceptio n PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11 .>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO". T he loading of the trusted certificate list raised a certificate parsing exceptio n PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11 .>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certifica te list raised a certificate parsing exception PKIX: Unsupported OID in the Algo rithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certifica te list raised a certificate parsing exception PKIX: Unsupported OID in the Algo rithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU=(c) 2007 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Ne twork,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raise d a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifi er object: 1.2.840.10045.4.3.3.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". Th e loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO .\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.8 40.113549.1.1.11.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=AffirmTrust Commercial,O=AffirmTrust,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Un supported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriS ign\, Inc.,C=US". The loading of the trusted certificate list raised a certifica te parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1. 2.840.113549.1.1.11.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US". The loadin g of the trusted certificate list raised a certificate parsing exception PKIX: U nsupported OID in the AlgorithmIdentifier object: 1.2.840.10045.4.3.3.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loadin g of the trusted certificate list raised a certificate parsing exception PKIX: U nsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 20 08 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsup ported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=GeoTrust Primary Certification Authority - G2,OU=(c) 20 07 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsup ported OID in the AlgorithmIdentifier object: 1.2.840.10045.4.3.3.>
<Feb 24, 2015 11:16:12 PM CST> <Notice> <Security> <BEA-090898> <Ignoring the tr usted CA certificate "CN=AffirmTrust Premium,O=AffirmTrust,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsup ported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.12.>
This Exception occurred at Tue Feb 24 23:16:12 CST 2015.
weblogic.nodemanager.NMConnectException: Connection refused. Could not connect t o NodeManager. Check that it is running at localhost:5556.
Problem invoking WLST - Traceback (innermost last):
File "/home/oracle/scripts/AutoRestart/ServerStatus.py", line 1, in ?
File "<iostream>", line 123, in nmConnect
File "<iostream>", line 648, in raiseWLSTException
WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : Connection refused. Could not connect to NodeManager. Check that it is running at localhost:5556.
Use dumpStack() to view the full stacktrace
could you please help.
Thanks,
HireshHi Radu,
I write python scripts for getting server status and scripys is:
nmConnect(username='weblogic',password='welcome1',domainName='oam_domain')
#,host='acldlu01oam.corp.vha.com')
#nmConnect('weblogic','welcome1','acldlu01oam.corp.vha.com','5556','oam_domain','/u01/oracle/Middleware/user_projects/domains/oam_domain','ssl')
print "NodeManager connected.."
print " Admin Server is : "
nmServerStatus(serverName='AdminServer')
print " OAM Server is : "
nmServerStatus('oam_server1')
print "End of script"
but output we get:-
[oracle@acldlu01oam AutoRestart]$ ./startScripts.sh status
CLASSPATH=/u01/oracle/Middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/oracle/Middleware/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/oracle/jdk1.7.0_67/lib/tools.jar:/u01/oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/u01/oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/u01/oracle/Middleware/modules/features/weblogic.server.modules_10.3.6.0.jar:/u01/oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/u01/oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/u01/oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/u01/oracle/Middleware/utils/config/10.3/config-launch.jar::/u01/oracle/Middleware/wlserver_10.3/common/derby/lib/derbynet.jar:/u01/oracle/Middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/u01/oracle/Middleware/wlserver_10.3/common/derby/lib/derbytools.jar::
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to Node Manager ...
<Feb 25, 2015 4:37:57 AM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Feb 25, 2015 4:37:57 AM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G2,OU=(c) 2007 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.10045.4.3.3.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU=(c) 2007 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.10045.4.3.3.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=AffirmTrust Commercial,O=AffirmTrust,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.10045.4.3.3.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.10045.4.3.3.>
<Feb 25, 2015 4:37:57 AM CST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=AffirmTrust Premium,O=AffirmTrust,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.12.>
This Exception occurred at Wed Feb 25 04:37:57 CST 2015.
weblogic.nodemanager.NMConnectException: Connection refused. Could not connect to NodeManager. Check that it is running at localhost:5556.
Problem invoking WLST - Traceback (innermost last):
File "/home/oracle/scripts/AutoRestart/ServerStatus.py", line 1, in ?
File "<iostream>", line 123, in nmConnect
File "<iostream>", line 648, in raiseWLSTException
WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : Connection refused. Could not connect to NodeManager. Check that it is running at localhost:5556.
Use dumpStack() to view the full stacktrace
Thanks,
Hiresh -
BPM Application requires auto claim for worklist instances
Hi All
Our BPM application (SOA 11g), requires that the BPM instances in the worklist be auto claim enabled for each instance. The reason for this is that each instance is an ADF form that has 2 very distinct outcomes. Having set the human task(based on which the ADF forms are built) in the BPM workflow, to auto-claim enabled, I still notice that the instances are not claimed when open. The forms can be open by multiple users concurrently which is not an acceptable solution by the client from a security point of view. We need to enable auto claim as part of our BPM administration for each instance.
Is there a way within the BPM Administration that this can be done?
Any suggestions programatically or via the tool?
Many Thanks
PreethiHi,
Are you using your own certificates for SSL? If yes,you must remove references to the demo certificates by removing the following line from the setDomainEnv file for your version of the operating system.
-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks
Also check that the path for truststore are properly set in setDomainEnv.sh/Cmd file.
Maybe you are looking for
-
Sign tools disabled after applying extended features to document.
I have a form that I need to be able to save date typed into the fillable fields and I also need to sign this document. I need to sign the document using the sign tools panel, so that I can apply a ink signature and use the Signed. Proceed to Send f
-
Hi, In our SLD under Business Systems definitions all of our "Related integrated Server " fields have no values (No Intgration Server is defined"). I am trying to understand where I am missing an entry in SLD for the integration servers. Thanks
-
Error during Config of Essbase 11.1.2.2 in Aix
Hi All, R1/common/jlib/11.1.2.0/epm_j2se.jar referenced from /global/site/vendor/arbor/Oracle/Middleware/EPMSystem11R1/common/config/11.1.2.0/configtool.jar ERROR: /global/site/vendor/arbor/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant
-
Bdoc Structure X Idoc structure
Hi All, We are trying to map the Order data in CRM to an IDoc structure. The Bdoc BUS_TRANS_MSG has the related Data Type BAD_BUS_TRANSN_MESSAGE. In this Data type there is a component SHIPPING where there is a field TRANS_MOT wherein the MOde of Tra
-
Arch 64bit and 32bit games under wine
Hi there, I am using an x86_64bit version of arch linux and have tried to use Civilization IV and Warcraft III with wine. But i have no usable Framerates. I have tried a lot of issues from Google Searches and from this forum but i cannot handle this