Changing SSL configuration on MedRec

Hi,
We are developing a custom Auditing Provider for WLS. Our provider needs to communicate via https to a remote system, and thus we need to configure SSL in order to use the correct client certificate and trust the remote server's.
We are using the sample MedRec application bundled with WLS for testing purposes, but no matter what, we do not seem to be able to change the SSL configuration. We went to Home -> Servers -> MedRecServer(Admin) -> Configuration in the console, and then
* Keystores
* Custom Identity and Custom Trust + configure all the keystores pointing to our jks files
* SSL: point to our alias
But, when restarting the server, we see the following:
<Mar 6, 2007 11:45:21 AM CET> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\dev\bea\WEBLOG~1\server\lib\DemoTrust.jks.>
Which seems to indicate that somehow MedRecServer is not acknowledging our configuration changes.
Our WL_HOME\samples\domains\medrec\config\config.xml looks like this:
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/extension http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">
  <name>medrec</name>
  <domain-version>9.2.0.0</domain-version>
  <security-configuration>
    <name>medrec</name>
    <realm>
      <sec:auditor xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:secure-auditorType">
        <sec:name>Foo</sec:name>
        <ext:identifier>Test</ext:identifier>
        <ext:bea-audit-log-service-uri>hessian:https://it-sdm-nb:8443/ksuite/remoting/BEAAuditLogService-hessian</ext:bea-audit-log-service-uri>
      </sec:auditor>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
        <sec:active-type>AuthenticatedUser</sec:active-type>
      </sec:authentication-provider>
      <sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
      <sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:name>myrealm</sec:name>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{3DES}I/3L8IhJVe+jq1vzXAXHODsFazm8NGROsfPVAaunGasgxJ6u41gpHbMAqA4pZSr2u1CWgoxiHR6z895y9Or+CDwkCmqAxJBq</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{3DES}HMxdWFl3juTr6BufJFg6WQ==</node-manager-password-encrypted>
  </security-configuration>
  <server>
    <name>MedRecServer</name>
    <ssl>
      <name>MedRecServer</name>
      <enabled>true</enabled>
      <listen-port>7012</listen-port>
      <server-private-key-alias>auditor</server-private-key-alias>
      <server-private-key-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</server-private-key-pass-phrase-encrypted>
    </ssl>
    <listen-port>7011</listen-port>
    <listen-address></listen-address>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
    <custom-identity-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-identity-key-store-file-name>
    <custom-identity-key-store-type>jks</custom-identity-key-store-type>
    <custom-identity-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-identity-key-store-pass-phrase-encrypted>
    <custom-trust-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-trust-key-store-file-name>
    <custom-trust-key-store-type>jks</custom-trust-key-store-type>
    <custom-trust-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-trust-key-store-pass-phrase-encrypted>
  </server>
  <embedded-ldap>
    <name>medrec</name>
    <credential-encrypted>{3DES}W+XDJAixeMZcbdmRm/jIF8u8ZMzBMLyGQpcjb1lWzlM=</credential-encrypted>
  </embedded-ldap>
  <configuration-version>9.2.0.0</configuration-version>
  <admin-server-name>MedRecServer</admin-server-name>
</domain>
You can see our Auditor provider configuration and the custom identity and trust sections, which look right.
I'm wondering if somehow the demo application is special in any way, or if we are missing some step to change the identity and trust configuration. Any ideas? Any further investigation clues?
Kind regards,
Alex
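A way to check for the mismatch described in the post above, as an added example that is not part of the original post or of WebLogic: it compares the trust keystore that config.xml configures for a server with the one the BEA-090169 startup notice reports as loaded. The sample inputs are trimmed from the post; the function names, the finding codes and the comparison by file name are assumptions of this example.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

NS = {"d": "http://www.bea.com/ns/weblogic/920/domain"}
# Demo keystores shipped with WebLogic; loading them means demo certificates are in use.
DEMO_STORES = {"demotrust.jks", "demoidentity.jks"}

# Constructed sample: the <server> element from the post, trimmed to its keystore settings.
CONFIG_XML = r"""<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain">
  <name>medrec</name>
  <server>
    <name>MedRecServer</name>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
    <custom-identity-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-identity-key-store-file-name>
    <custom-trust-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-trust-key-store-file-name>
  </server>
</domain>"""

# Constructed sample: the BEA-090169 notice from the post, hard-wrapped the way
# an 80-column console prints it (the wrap can fall in the middle of a path).
SERVER_LOG = r"""<Mar 6, 2007 11:45:21 AM CET> <Notice> <Security> <BEA-090169> <Loading trusted
certificates from the jks keystore file C:\dev\bea\WEBLOG~1\server\lib\DemoTrust
.jks.>"""

# \s* between words tolerates the space that is lost where the console wrapped.
LOADED_TRUST = re.compile(
    r"<BEA-090169>\s*<Loading\s*trusted\s*certificates\s*from\s*the\s*"
    r"(\w+?)\s*keystore\s*file\s*(.+?)\.>"
)


def configured_keystores(config_xml):
    """Return {server name: keystore settings} from a domain config.xml."""
    root = ET.fromstring(config_xml.encode("utf-8"))
    servers = {}
    for srv in root.findall("d:server", NS):
        def text(tag):
            return (srv.findtext("d:" + tag, default="", namespaces=NS) or "").strip()
        servers[text("name")] = {
            "mode": text("key-stores"),
            "identity": text("custom-identity-key-store-file-name"),
            "trust": text("custom-trust-key-store-file-name"),
        }
    return servers


def loaded_trust_stores(log_text):
    """Return the trust keystore paths reported by BEA-090169 notices."""
    flat = log_text.replace("\r", "").replace("\n", "")  # undo console wrapping
    return [m.group(2) for m in LOADED_TRUST.finditer(flat)]


def audit(config_xml, log_text, server):
    """Return (code, detail) findings for one server."""
    cfg = configured_keystores(config_xml)[server]
    findings = []
    if cfg["identity"] and cfg["identity"].lower() == cfg["trust"].lower():
        # One file holds both the private key and the trusted certificates.
        findings.append(("shared-keystore", cfg["identity"]))
    # Compare file names only: the log may show 8.3 short directory names
    # (WEBLOG~1) where config.xml has the long form (weblogic92).
    want = ntpath.basename(cfg["trust"]).lower()
    for path in loaded_trust_stores(log_text):
        got = ntpath.basename(path).lower()
        if got in DEMO_STORES:
            findings.append(("demo-trust-loaded", path))
        if cfg["mode"].endswith("CustomTrust") and got != want:
            findings.append(("trust-mismatch", "configured %s, loaded %s" % (cfg["trust"], path)))
    return findings


if __name__ == "__main__":
    for code, detail in audit(CONFIG_XML, SERVER_LOG, "MedRecServer"):
        print(code, detail)
```

A BEA-090169 notice does not name the component that loaded the keystore, so a mismatch shows that some SSL code path in the server process is still using the demo trust store, not which one.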

OK, we have been reading this: http://e-docs.bea.com/wls/docs81/security/SSL_client.html, so I think I need to make a few clarifications.
Our Auditing Provider communicates remotely with another system using remoting libraries (in this case, the Hessian library), which open SSL connections in the "usual JDK manner". In fact, when handshaking, we see a failure that has a stack trace like the following:
<Mar 6, 2007 3:59:36 PM CET> <Debug> <SecuritySSL> <000000> <Exception during handshake, stack trace follows
java.net.SocketException: socket write error: Connection aborted by peer
        at jrockit.net.SocketNativeIO.socketWrite(Ljava.io.FileDescriptor;[BII)V(Unknown Source)
        at java.net.SocketOutputStream.socketWrite0(Ljava.io.FileDescriptor;[BII)V(SocketOutputStream.java:???)
        at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
        at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
        at com.certicom.io.OutputSSLIOStream.write([BII)I(Unknown Source)
        at com.certicom.tls.record.WriteHandler.flushOutput()I(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.flush()V(Unknown Source)
        at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages([BILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
        at com.certicom.tls.record.MessageInterpreter.interpretContent([BIILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
        at com.certicom.tls.record.MessageInterpreter.decryptMessage(II[BIILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
        at com.certicom.tls.record.ReadHandler.processRecord()I(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
        at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete()V(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake()V(Unknown Source)
        at com.certicom.tls.record.WriteHandler.write([BII)I(Unknown Source)
        at com.certicom.io.OutputSSLIOStreamWrapper.write([BII)V(Unknown Source)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
        at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
        at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:142)
        at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:344)
        at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:32)
        at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:935)
        at com.caucho.hessian.client.HessianProxy.invoke(Ljava.lang.Object;Ljava.lang.reflect.Method;[Ljava.lang.Object;)Ljava.lang.Object;(HessianProxy.java:??
        at $Proxy0.startup(JLjava.lang.String;Ljava.lang.String;)V(Unknown Source)
        at com.kroopier.bea.sap.utils.BeaAuditLogServiceSSLWrapper.startup(BeaAuditLogServiceSSLWrapper.java:43)
I guess that the Hessian library opens up a connection, actually using these Certicom classes and not the usual https ssl client classes, and then I should configure client certificates accordingly in the Certicom thing, but I'm unsure how to do that.
Any ideas?
Alex
