BOE ssl configuration
Hello,
I'm working on migrating our BOE XI R2 to BOE 3.1 SP2 on a new server (Windows).
Previously we were using IIS, and the SSL setup was easy. Now, on Tomcat, I'm having problems.
I'm not creating a new certificate; I want to use a special one created for our domain by a third-party certificate authority.
I don't know much about certificates.
So I have the files domain.cer, domain.der, domain.key, domain.pem, domain.pfx, password.txt and trustedcer.crt (root certificate) in the d:\ssl folder.
From CCM I check the "enable the ssl"
and I try to fill in the fields below:
SSL certificates folder=d:\ssl
server ssl certificate file=domain.cer
SSL trusted certificates file=trustedcer.crt
SSL private key file=domain.key
SSL private key passphrase file=password.txt
In the Tomcat configuration I use the same pattern.
Do I have to convert the .cer files to .der?
Why is this combination not working? How can I set up SSL?
Thank you
If your users are using the browser and no thick clients, then it is all about configuring Tomcat for SSL. You can find plenty of information about this on the Internet or here: https://css.wdf.sap.corp/sap/support/notes/1299147.
Regards,
Stratos
Similar Messages
-
Need some help in SSL Configuration in R12
Hi All,
I am facing challenges in configuring SSL in R12. I am not able to get the bigger picture of the SSL configuration. If anybody has done this before, please share your knowledge.
Thanks in Advance.
Reddy
Hi Hussein
The below are the steps I am trying to implement.
Section 3 : Middle Tier Setup
The default location for the wallet in Release 12 is $INST_TOP/certs/Apache. This directory contains a wallet with demo certificates. If you wish to use these certificates for testing start with Step 8 below to configure SSL
Decided to test the application with demo certificates.
Step 8: Update the Context File.
Updated the context file as per the recommendations.
Step 9 - Run Autoconfig
Finished
Section 4: Database Tier Setup
Here I got confused. Whether to proceed or not ?
Thanks
Reddy -
PI 7.31 Dual Stack SSL configuration
HI Gurus,
I have a quick query, I am configuring SSL on my PI 7.31 systems.
I have checked all the standard guides and forums but I have one doubt.
Q1 - Is it necessary to configure SSL both in ABAP and JAVA side ?
Q2 - If I just configure SSL in STRUSTSSO2 in ABAP , will it be more than enough ?
Q3 - In what cases do we need to configure SSL in JAVA side ? And does configuring SSL in JAVA mandatory require sapcryptolib files ?
Please share your views.
Cheers, SG
I want to understand is it necessary to configure SSL in both ABAP and JAVA in case of dual stack PI ?
>>> Please refer to Huseyin's comments in the below thread..
PI 7.3 Dual Stack SSL configuration
In what cases do we use JAVA SSL in Dual stack system ?
>>> AFAIK - when you use http_aae adapter/soap with https then you should configure the SSL on java stack. -
Syclo Work Manager 6.1 SSL Configurations
Hello Experts,
We have a "Communication Error 14" on Device and ATE. I have worked on WM 5.2 and 6.0 and am aware of the SSL configurations. I have generated a self-signed certificate and a PFX file using OpenSSL. Now, with SMP 3.0 SP03, we are not able to find how to configure the Agentry.ini and where to copy the .sst file.
Can someone help us understand how to make this work? Is there a workaround for HTTP communication without SSL, and any document on this which can help?
Is SSL/pfx mandatory to have in 6.1 while testing with ATE?
Regards,
Sarika
Hi Stephen,
Yes, I have to change the FQDN to the IP to work with the Management Console; only then will I get the logon screen. Similarly, I have tried to do the same in the ATE & WPF client.
In the Management Console, with the FQDN in the URL,
https://jilan.wirelessap:8083/Admin/
the error is below. But when I change to IP it works.
This page can't be displayed
Make sure the web address https://jilan.wirelessap:8083 is correct.
Look for the page with your search engine.
Refresh the page in a few minutes.
Make sure TLS and SSL protocols are enabled. Go to Tools > Internet Options > Advanced > Settings > Security
Similarly, in WPF/ATE, if the FQDN is in the URL, I get the Communication Error(14).
Requesting Public Key from Server
Communications error (14)
Connection failed
Ending transmission
Is any mapping needed on my laptop between the FQDN and the IP address?
Thanks,
Jilan -
Changing SSL configuration on MedRec
Hi,
We are developing a custom Auditing Provider for WLS. Our provider needs to communicate via https to a remote system, and thus we need to configure SSL in order to use the correct client certificate and trust the remote server's.
We are using the sample MedRec application bundled with WLS for testing purposes, but no matter what, we do not seem to be able to change the SSL configuration. We went to Home -> Servers -> MedRecServer(Admin) -> Configuration in the console, and then
* Keystores
* Custom Identity and Custom Trust + configure all the keystores pointing to our jks files
* SSL: point to our alias
But, when restarting the server, we see the following:
<Mar 6, 2007 11:45:21 AM CET> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\dev\bea\WEBLOG~1\server\lib\DemoTrust.jks.>
Which seems to indicate that somehow MedRecServer is not acknowledging our configuration changes.
Our WL_HOME\samples\domains\medrec\config\config.xml looks like this:
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/extension http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">
<name>medrec</name>
<domain-version>9.2.0.0</domain-version>
<security-configuration>
<name>medrec</name>
<realm>
<sec:auditor xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:secure-auditorType">
<sec:name>Foo</sec:name>
<ext:identifier>Test</ext:identifier>
<ext:bea-audit-log-service-uri>hessian:https://it-sdm-nb:8443/ksuite/remoting/BEAAuditLogService-hessian</ext:bea-audit-log-service-uri>
</sec:auditor>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{3DES}I/3L8IhJVe+jq1vzXAXHODsFazm8NGROsfPVAaunGasgxJ6u41gpHbMAqA4pZSr2u1CWgoxiHR6z895y9Or+CDwkCmqAxJBq</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{3DES}HMxdWFl3juTr6BufJFg6WQ==</node-manager-password-encrypted>
</security-configuration>
<server>
<name>MedRecServer</name>
<ssl>
<name>MedRecServer</name>
<enabled>true</enabled>
<listen-port>7012</listen-port>
<server-private-key-alias>auditor</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</server-private-key-pass-phrase-encrypted>
</ssl>
<listen-port>7011</listen-port>
<listen-address></listen-address>
<key-stores>CustomIdentityAndCustomTrust</key-stores>
<custom-identity-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-identity-key-store-file-name>
<custom-identity-key-store-type>jks</custom-identity-key-store-type>
<custom-identity-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-identity-key-store-pass-phrase-encrypted>
<custom-trust-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-trust-key-store-file-name>
<custom-trust-key-store-type>jks</custom-trust-key-store-type>
<custom-trust-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-trust-key-store-pass-phrase-encrypted>
</server>
<embedded-ldap>
<name>medrec</name>
<credential-encrypted>{3DES}W+XDJAixeMZcbdmRm/jIF8u8ZMzBMLyGQpcjb1lWzlM=</credential-encrypted>
</embedded-ldap>
<configuration-version>9.2.0.0</configuration-version>
<admin-server-name>MedRecServer</admin-server-name>
</domain>
You can see our Auditor provider configuration and the custom identity and trust sections, which look right.
I'm wondering if somehow the demo application is special in any way, or if we are missing some step to change the identity and trust configuration. Any ideas? Any further investigation clues?
Kind regards,
Alex
OK, we have been reading this:
http://e-docs.bea.com/wls/docs81/security/SSL_client.html
so I think I need to make a few clarifications.
Our Auditing Provider communicates remotely with another system using remoting libraries (in this case, the Hessian library), which open SSL connections in the "usual JDK manner". In fact, when handshaking, we see a failure that has a stack trace like the following:
<Mar 6, 2007 3:59:36 PM CET> <Debug> <SecuritySSL> <000000> <Exception during ha
ndshake, stack trace follows
java.net.SocketException: socket write error: Connection aborted by peer
at jrockit.net.SocketNativeIO.socketWrite(Ljava.io.FileDescriptor;[BII)V
(Unknown Source)
at java.net.SocketOutputStream.socketWrite0(Ljava.io.FileDescriptor;[BII
)V(SocketOutputStream.java:???)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at com.certicom.io.OutputSSLIOStream.write([BII)I(Unknown Source)
at com.certicom.tls.record.WriteHandler.flushOutput()I(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.flush()V(Unknown S
ource)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.hand
le(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages([BILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent([BIILcom.
certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(II[BIILcom.
certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord()I(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete()V(Unk
nown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake()V
(Unknown Source)
at com.certicom.tls.record.WriteHandler.write([BII)I(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write([BII)V(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.j
ava:142)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.
java:344)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLC
onnection.java:32)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection
.java:935)
at com.caucho.hessian.client.HessianProxy.invoke(Ljava.lang.Object;Ljava
.lang.reflect.Method;[Ljava.lang.Object;)Ljava.lang.Object;(HessianProxy.java:??
at $Proxy0.startup(JLjava.lang.String;Ljava.lang.String;)V(Unknown Sourc
e)
at com.kroopier.bea.sap.utils.BeaAuditLogServiceSSLWrapper.startup(BeaAu
ditLogServiceSSLWrapper.java:43)
I guess that the Hessian library opens up a connection, actually using these certicom classes and not the usual https ssl client classes and then I should configure client certificates accordingly in the Certicom thing, but I'm unsure how to do that.
Any ideas?
Alex -
Analyze link generated by Portal not working after SSL Configuration
Hi,
We've installed OracleAS Portal 10.1.4 and Oracle Discoverer Version 10.1.2.48.18 on the same machine. We recently configured SSL on OracleAS Portal for SSO server only. Discoverer was not SSO enabled.
Now after successful SSL configuration we are facing one problem. The Analyze link that is generated by Portal to analyze the worksheet in Single Worksheet Viewer is no longer working. when we click on the analyze link we get the "HTTP 500 Internal Server Error" and a message that Page cannot be displayed.
Please advise...
Hi Andrew
It sounds like you need to enable SSO for Discoverer too.
Best wishes
Michael -
Minimal 9iASR2 SSL configuration to encrypt password
I have been asked to research SSL configuration for a client. The environment is 9iAS Release 2 (one Linux infrastructure server and one Linux mid-tier server). The client wants to determine and implement the minimal solution for the following requirement: for a custom JSP login page for Portal (same flavor as explained in the SSO Admin Guide), encrypt the password when a user logs in. They would prefer not to have to alter communication channels between 9iAS components unless it is absolutely necessary. I have found an assortment of how-to documents which explain an assortment of configuration options. Unfortunately, I still do not understand which security goals the configurations meet. Can any 9iAS configuration gurus provide some guidance about meeting this requirement?
Here are some of the reference docs I referred to:
http://portalcenter.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/INTERNALPRODDEVFOLDER/TECHREADINESS/ARCHIINFRA/SECURITY/SETUPSSL/HOW%20TO%20SET%20UP%20SSL%20(9.0.2).HTML
MetaLink note 216126.1
MetaLink note 223120.1
One option may be the following:
- Create a file holding the encrypted username/password on the application server side (in the working directory of your Oracle Forms application)
- As a parameter, pass the name of your file to the form
- When the form is called, read the named file in (TEXT_IO) and use the logon built-in with the value from the password file
How to create an encrypted file:
- use the obfuscation toolkit to encrypt username/password@instance into a varchar2
- write this value to a file using Oracle Forms (TEXT_IO)
FUNCTION f_encrypt_string(p_key IN VARCHAR2)
RETURN VARCHAR2 IS v_encrypt_string VARCHAR2(2000) := 'N/A';
l_data VARCHAR2(2000);
BEGIN
-- if necessary, create a text where the length of the string
-- is divisible by 8 (which is a requirement of dbms_obfuscation_toolkit)
l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
key_string => 'MagicKey',
encrypted_string=> v_encrypt_string);
RETURN (v_encrypt_string);
END;
Edited by: user434854 on Apr 8, 2009 5:17 AM -
OIM11gR2 AD Connector SSL Configuration
Hi,
Can anyone provide me the steps to configure SSL between OIM - Connector Server - Active Directory ?
We followed the steps provided in the AD Connector guide, but that does not seem to work. In the connector server logs, we see "SystemNotSupportedException: The certificate should be associated with private key". The steps we did were:
1. Exported root certificate from AD Server
2. Created sslstore on the Connector Server and updated the connectorserver.exe.config file
3. Enabled SSL in Connector Server ITResource.
If you were successful in configuring SSL, please provide us the steps for the same.
Thanks,
Hrushi
Hi GP/PK,
Does that mean the trust certificate of AD is used for SSL configuration between OIM and Connector Server ?? I am not sure how this is gonna work. However, I have followed the steps in sections 2.3.2.2 to 2.3.2.4 in the link provided by you, but still I get the error posted earlier.
Could you please list the steps for SSL configuration ???
Also, Could you point me to the document which says Connector Server uses internal SSL to communicate to AD.
Also, in our environment, the connector server is installed on a separate machine and not on the machine where AD is running.
Thanks,
Hrushi
Edited by: 920194 on Sep 10, 2012 11:57 PM
Edited by: 920194 on Sep 10, 2012 11:59 PM -
SSL configuration on oracle 10g release 3 web server
What changes should I make
in ssl.conf, httpd.conf and opmn.xml
to enable SSL?
I have clustered one web server and one application server.
I have the authorized trusted certificate from the CA.
SSL configuration on oracle 10g webserver release 3
-
ZCM 11.2 Second Primary - SSL Configuration
Primary Server 11.2.4MU1 on OES 11SP2 - Running ZCM11.2.4MU1 / DSFW / DNS
I am attempting to bring up a Second Primary Server. Maybe I am misreading the documentation; however, each time I attempt the setup and bring the second primary into the "Existing" zone, I give it the DNS / IP of the server, the correct port (444 in this case), and user / password. It authenticates fine and asks me to import the CA / MGMT Zone Cert. I click yes. Then I am taken to the SSL Configuration page.
From my reading I believe I should not be taken to this page.... I believe this should only be done if it's a new server, as the secondary should import and use the primary?
Currently my plan was to bring up a secondary Primary and look at doing a DB / Content Migration, as I cannot upgrade the current 11.2.4MU1 to 11.3 because install on OES is not supported (any longer).
I could be a bit discombobulated....
Thanks
Patrick
Never mind.....I forgot about the CSR / Cert generation part of the Zenworks setup...
-
I am using Lion os on a Mac Book Pro. I have installed MySQL and I use the default mac Apache server. I have tried to config SSL in Apache. I have read many posts on the internet and tried many of them and followed their instructions step by step, but the SSL doesn't work on Lion.
Any idea how to config Apache SSL?
Hua,
make sure that the entry under the alias is a key entry, not the trusted CA certificate
entry.
Pavel.
"Hua Cao" <[email protected]> wrote:
>
Hi, Wajid,
I have similar problems but it is with 8.1
The bea server says 'no key/identity found in the key store file'. I
checked the
keystore using keytool. The specified alias is there for sure.
If you find a solution, please share it with me ([email protected]).
Thanks.
Hua
"Wajid" <[email protected]> wrote:
While doing SSL configuration with the ImportPrivateKey utility I am getting the following
error
D:\bea\user_projects\mydomain>java utils.ImportPrivateKey d:\bea\users_projects\
mydomain\mykeystore.jks null myalias myphrase myCert.pem upendra-key.pem
Keystore file not found, creating it
java.security.KeyManagementException: ASN.1: Lengths longer than 32bits
are not
supported
at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdent
ityPartial(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
S
ource)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:57)
at utils.ImportPrivateKey.main(ImportPrivateKey.java:24)
Please help -
OBIEE 11g SSL Configuration Issue : Unable to import the Server certs
Hello All,
We are trying to configure OBIEE 11.1.1.6.0 with SSL using Windows server 2003 (IIS) and facing some issues with that.
Followed the document : OBIEE11g SSL Setup and Configuration [1326781.1]
http://obieedue.blogspot.sg/2012/08/obiee11g-ssl-setup-and-configuration.html
and also completed generating the required certificate signing request and keystores for SSL communication and sent it to the CA (IT Admin team) to have the certificate signed by the CA. The issue comes when I am trying to import the CA certificate (Root certificate) and Server Certificate into the Java Keystore.
I am importing the Root CA Certificate first which is successfully added to the keystore.
keytool -import -trustcacerts -alias mycacert -file cacert.pem -keystore mykeystore.jks -storepass Welcome1
Trust this certificate? [no]: yes
Certificate was added to keystore.
But when trying to add the Server Certificate to the keystore using the command below :
keytool -import -v -alias testserver -file server.cer -keystore mykeystore.jks -keypass Welcome1 -storepass Welcome1
Certificate reply was installed in keystore
I get the following error:
keytool error: java.lang.Exception: Failed to establish chain from reply
java.lang.Exception: Failed to establish chain from reply
at sun.security.tools.KeyTool.establishCertChain(KeyTool.java:2662)
at sun.security.tools.KeyTool.installReply(KeyTool.java:1870)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:807)
at sun.security.tools.KeyTool.run(KeyTool.java:172)
at sun.security.tools.KeyTool.main(KeyTool.java:166)
I read many forums and tried to convert it to the PKCS#7 format and import the cert to the identity keystore, but was not successful in that either. I have also checked with the IT Admin team and found there is only one RootCA and no other intermediate CAs.
Please advise if anyone has similar issues or suggestions.
Thanks in advance,
SVS
Hi,
One obvious reason would be that you did not specify -trustcacerts, and the root CA is not included in the present server keystore. In that case, using the -trustcacerts option would solve the problem, if the root CA is indeed in the JDK cacerts.
To print out the certificates present in the JDK cacerts, use the following command:
keytool -list -keystore <JAVA_HOME>/jre/lib/security/cacerts -storepass changeit -v
Then check if the root CA that signed your server certificate is present, and has not expired (in which case, you would need to re-import a newer one into cacerts).
Another common reason for that error message is when you have used a proprietary CA to sign your server certificate. Then it would obviously not be in the JDK cacerts. The solution in that case is to import your proprietary root CA into the JDK cacerts, using the following command:
keytool -import -keystore <JAVA_HOME>/jre/lib/security/cacerts -file yourRootCA.pem -storepass changeit -alias youralias
A third reason for that error message is when your server was signed by an intermediate certificate. In that case, you would have received from your CA a chain of certificates. One way to solve this (not the only one, but this one works well): Prepend your intermediate CA file to your server cert file, and import the obtained concatenated file into the server keystore. Be careful, the intermediate CA must be BEFORE the server cert. Example:
copy rootca.cer certchain.p7b
type server.cer >> certchain.p7b
The file certchain.p7b will be the concatenation of the intermediate CA and the signed server cert. Then import the newly created file under the key alias as follows:
keytool -import -keystore serverks.jks -file certchain.p7b -alias yourkey -trustcacerts
If you only prepend the intermediate root CA, you must make sure that the final root CA is in cacerts. But you can also prepend your whole chain of trust inside the server keystore.
Regards,
Kal -
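Added example (not part of the original thread, and not keytool's own code): a standard-library Python check that walks issuer to subject from a server certificate through whatever CA certificates are available and names the first issuer that is absent, which is the situation behind "Failed to establish chain from reply". It compares names only and does not verify signatures; every function name is this example's own, and the certificates are constructed skeletons. `load_certs` accepts either a PEM bundle or a single DER file.

```python
import base64
import re

OID_CN = bytes.fromhex("0603550403")  # id-at-commonName
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    tag, start, _ = read_tlv(der, 0)  # Certificate
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, pos, tbs_end = read_tlv(der, start)  # tbsCertificate
    fields = []
    while pos < tbs_end and len(fields) < 6:
        tag, _, end = read_tlv(der, pos)
        fields.append((tag, der[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:  # optional [0] version
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("not a DER certificate")
    return fields[2][1], fields[4][1]  # order: serial, sigalg, issuer, validity, subject

def common_name(name_der):
    """Best-effort CN text of a DER Name, for readable reports."""
    i = name_der.find(OID_CN)
    if i < 0:
        return name_der.hex()
    _, start, end = read_tlv(name_der, i + len(OID_CN))
    return name_der[start:end].decode("utf-8", "replace")

def load_certs(data):
    """Accept a PEM bundle (one or more blocks) or a single DER certificate."""
    blocks = PEM_RE.findall(data)
    return [base64.b64decode(b) for b in blocks] if blocks else [data]

def diagnose(server_cert, candidates):
    """Follow issuer -> subject; return (chain of CNs, CN of first absent issuer or None)."""
    by_subject = {issuer_and_subject(c)[1]: c for c in candidates}
    chain, current = [], server_cert
    while True:
        issuer, subject = issuer_and_subject(current)
        chain.append(common_name(subject))
        if issuer == subject:  # self-issued root reached
            return chain, None
        current = by_subject.get(issuer)
        if current is None or len(chain) > len(by_subject):  # absent, or a loop
            return chain, common_name(issuer)

# --- constructed sample data below: skeleton certificates, not real ones ---
def der_tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content
def der_name(cn):
    return der_tlv(0x30, der_tlv(0x31, der_tlv(0x30, OID_CN + der_tlv(0x0C, cn.encode()))))

def constructed_cert(subject_cn, issuer_cn):
    """Skeleton certificate with an empty key and dummy signature (sample data only)."""
    alg = der_tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSA
    validity = der_tlv(0x30, der_tlv(0x17, b"250101000000Z") * 2)
    tbs = der_tlv(0x30, bytes.fromhex("a003020102020101") + alg + der_name(issuer_cn)
                  + validity + der_name(subject_cn) + der_tlv(0x30, b""))
    return der_tlv(0x30, tbs + alg + der_tlv(0x03, bytes(9)))

def pem(der):
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"

def demo():
    root = constructed_cert("Constructed Root CA", "Constructed Root CA")
    inter = constructed_cert("Constructed Intermediate CA", "Constructed Root CA")
    server = constructed_cert("server.example.test", "Constructed Intermediate CA")
    return (diagnose(server, [root]),  # intermediate absent from reply and trust store
            diagnose(server, load_certs(pem(inter) + pem(root))))  # whole chain supplied
```

A non-None second element names the CA certificate that has to be obtained and imported before the reply can be chained.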
SSL Configuration on 4.5.1 not working with 6.0SP1
In WL 4.5.1, this was all that was needed to enable SSL
weblogic.security.key.server=wcid-srp-mvc.der
weblogic.security.key.certificate=certificate.pem
In 6.0 SP1, I used this
<SSL Enabled="true" ListenPort="443" Name="SrpTest"
ServerCertificateChainFileName=""
ServerCertificateFileName="certificate.pem"
ServerKeyFileName="wcid-srp-mvc.der" TrustedCAFileName=""/>
and I get this error
<Jul 30, 2001 8:18:45 AM EDT> <Info> <WebLogicServer> <License allows
low streng
th (export) SSL.>
<Jul 30, 2001 8:18:45 AM EDT> <Alert> <WebLogicServer> <Security
configuration p
roblem with certificate file wcid-srp-mvc.der, java.lang.Exception:
Required fil
e wcid-srp-mvc.der which is specified by ServerKeyFileName, was not
found>
java.lang.Exception: Required file wcid-srp-mvc.der which is specified
by Server
KeyFileName, was not found
at
weblogic.t3.srvr.SSLListenThread.resolvePropertyFromLocalFile(SSLList
enThread.java:152)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:382)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jul 30, 2001 8:18:45 AM EDT> <Info> <Security> <Not listening for SSL,
java.io.
IOException: Security configuration problem with wcid-srp-mvc.der,
java.lang.Exc
eption: Required file wcid-srp-mvc.der which is specified by
ServerKeyFileName,
was not found.>
Any clues to how to get this up and running would be much appreciated. I
am in a major time crunch here.
Is the fix different when I am using DST instead of Verisign? I need to
get both the DST and Verisign issued certificates configured.
Thanks a bunch
Madhu
Earlier, it was a problem with the directory settings in the SSL properties.
Once I got that straightened, I get this error now.
<Jul 30, 2001 9:55:45 AM EDT> <Info> <WebLogicServer> <License allows low
streng
th (export) SSL.>
weblogic.security.CipherException: Incorrect block length 125 (modulus
length 12
8)
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:167)
at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jul 30, 2001 9:55:45 AM EDT> <Alert> <WebLogicServer> <Inconsistent
security co
nfiguration, weblogic.security.AuthenticationException: Incorrect block
length 1
25 (modulus length 128) possibly incorrect SSLServerCertificateChainFileName
set
for this server certificate>
weblogic.security.AuthenticationException: Incorrect block length 125
(modulus l
ength 128) possibly incorrect SSLServerCertificateChainFileName set for this
ser
ver certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jul 30, 2001 9:55:45 AM EDT> <Info> <Security> <Not listening for SSL,
java.io.
IOException: Inconsistent security configuration,
weblogic.security.Authenticati
onException: Incorrect block length 125 (modulus length 128) possibly
incorrect
SSLServerCertificateChainFileName set for this server certificate.> -
SSL configuration for ABAP engine
Hi Experts,
Can you please tell me how to configure SSL on ABAP engine?
Can you please guide me in details of the first part i.e. installation of SAPCRYPTOLIB for ABAP part?
I am not getting the document properly.
I am telling you what I have done.
1. I have downloaded the SAP Cryptographic Library for my platform. Two files were there: one is a CAR file and another is a SAR file.
After that probably
1. I have to extract the files (which one, SAR or CAR? and how (with which command?))
2. After extraction, I'll get a file libsapcrypto.so. I have to put this into $DIR_EXECUTABLE directory.
What should be the exact path for $DIR_EXECUTABLE?
I have checked that in my system $DIR_EXECUTABLE=home/<sidadm>
Please let me know the absolute path where I have to put libsapcrypto.so
3. I have to set the environment variable SECUDIR to the directory $DIR_INSTANCE/sec.
What should be the exact path for $DIR_EXECUTABLE?
I have checked that in my system $DIR_EXECUTABLE=home/<sidadm>
Please let me know the absolute path to be set for SECUDIR.
Thanks and Regards,
Moulinath Ray
Edited by: Moulinath Ray on Feb 2, 2009 12:41 PM
Hello,
Please see the very useful documentation at:
http://help.sap.com/erp2005_ehp_04/helpdata/EN/65/6a563cef658a06e10000000a11405a/frameset.htm
The values of Dir Instance and so on you will find in TA AL11.
Good Luck
Volker -
XI 3.1 Infoview HTTPS/SSL configuration
How do I setup Infoview so I can access it via https from outside our LAN?
Our environment currently runs on Tomcat 5.5 and I have SSO configured with vintela and kerberos. Everything works great and can access InfoView and CMC from inside our network via http. I would like to set up our environment to access InfoView from the outside and was wondering if I just need to configure Tomcat for https.
-Our firewall is already configured to allow access to the server via https
-Looking at the Admin Guide, doesn't seem like I need WACS
-Looking at the Admin Guide chapter 6, I'm not sure if I need to implement this either.
Thank you very much for the help.
I actually used the Tomcat keytool to create a cert for my dev environment ( http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html ) but followed your instructions for the rest. I now have a https connection for the server.
I currently have the default port set up for 80 and 433 for https. The problem I have now is that when I go to https://{server name}/InfoViewApp, it connects but then redirects to http://{server name}:8080/InfoViewApp.
Do you know where I change this redirect from 8080 to 80?
Current Settings in Business Objects\Tomcat55\conf\server.xml
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="16384" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="80" redirectPort="443"/>
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="443" maxHttpHeaderSize="8192"...