Configure EP6 SP11 for SSL

I am following the instructions (help.sap.com) for applying SSL but they are slightly confusing.
1. You apply the SSL to J2EE
2. You have to have the Key Storage Server running - but how do you ensure that it is? Is it by default when the J2EE is running?
3. I want to use Verisign Certificates so I suppose that I generate a certificate signing request - do I have to create an entry first under the service_ssl view of the Visual Administrator, or is this only if I am using a test CA?
4. I then get the certificate back from Verisign and import it into the J2EE.
I assume I can then call my portal on the secure port:
https://myportal.com:500003/irj
Where do I find the secure ports and do I have to do anything in the portal?
Thanks
Patrick

Hi,
I have gone through this document but still I am not able to achieve SSL. These are the steps that I have performed. Do let me know if I have missed out something.
Creating the Server's Key Pair to Use for SSL:
1) Visual Administrator -> KeyStore -> Views (service_ssl) -> 2 Entries (ssl-credentials, ssl-credentials-cert). I would like to use ssl-credentials for testing purpose. So if I am not wrong, I don't need to do anything here.
2) Assigning the Key Pair to Use for a Specific SSL Port:
I have configured as described in the document.
3) Managing the Credentials and Trusted Certificates to Use SSL:
Is it necessary to select one of these:
Request client certificate
Require client certificate
Can't I use the default, Do not request client certificate?
I have used Request client certificate and added SAPServerCA and SAPPassportCA.
4) Configuring the Use of Client Certificates for Authentication
Here the prerequisite says "The SAP J2EE Engine is configured to support SSL", what does that mean? How do I cross-check this?
The rest of the steps are performed.
Is there anything else that has to be taken care of?
Thanks in advance.
Regards,
Sunil

Similar Messages

  • Error when configuring Web Dispatcher for SSL with Enterprise Portal

    We are in the process of configuring the Web Dispatcher using SSL to connect to our Enterprise Portal (the Web Dispatcher will be in the DMZ).  We have followed all of the help.sap.com guides and now have SSL listening on the EP side (port 8103).  We are now receiving this strange certificate error when we start the Web Dispatcher:
    [Thr 5332] Tue Mar 20 00:36:23 2007
    [Thr 5332]   MatchTargetName("<FULLY QUALIFIED HOSTNAME>", "CN=XXX, OU=XXX, O=XXXX, C=XX") FAILS
    [Thr 5332]   SSL socket: local=<IPADDRESS>:4742  peer=<IPADDRESS>:8103
    [Thr 5332] <<- ERROR: SapSSLSessionStart(sssl_hdl=009D7670)==SSSLERR_SERVER_CERT_MISMATCH
    [Thr 5332] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn.c 2005]
    [Thr 5332] *** ERROR => IcmConnClientRqCreate() failed (rc=-14) [icrxx.c      4919]
    [Thr 5332] *** ERROR => Could not connect to SAP Message Server at <FULLY QUALIFIED HOST NAME>. URL=/msgserver/text/logon?version=1.2 [icrxx.c      2301]
    [Thr 5332] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c      2302]
    [Thr 5332] *** ERROR => see also OSS note 552286 [icrxx.c      2303]
    We have gone through the troubleshooting note 552286 as listed in the error above.  Any assistance is appreciated.

    Hello, did you receive any resolution for this problem?  We are receiving a similar error and I am unsure of how to resolve.

  • Configure HFM environment with SSL

    Hi all
    I am in the middle of process to install HFM environment
    For the first time I need to configure HFM environment with SSL
    Before I started to install the HFM environment with SSL
    I read the SSL CONFIGURATION GUIDE to understand what I need to configure
    My environment based on web logic web server version Bea WebLogic_9.1_Express
    As I started I read the part of information on configuring your web server for SSL
    The next step was creating CA. The Company created for me CA ( file *.cer ) that I can continue with the issue, and this is what I do:
    I configure the HSS for SSL Using a text editor, open Hub.properties. Create the following entry in Hub.properties. sslEnabled=true
    And. Saved the file Hub.properties.
    The next step was configure the HSS Server on WebLogic
    I Log on to the Web Logic Administration Console.
    Select Servers > Shared Services (admin).
    From General tab, I select SSL Listen Port Enabled.
    Specify the port (for example, 58082) on which Shared Services will listen for SSL communication
    At last I Navigate to Keystore tab and set up the identity and trust keystore
    And fill the parameters
    At the end I restarted HSS services and Log on to User Management Console as Shared Services Administrator. Connect using the secure
    URL https://<host>:<SSL-port>/interop; for example, https://myServer:58082/interop.
    Things don't seem to work; I don't know how I can be sure that all the parameters that I filled in are right?
    Nothing writes on Hyperion SSL PDF
    The web logic doesn't notify any error, all I can do is just get to the standard port 58080
    Thanks
    Renan

    Hi Renan,
    One thing to realize is you don't need to have Shared Services in SSL mode to have HFM in SSL mode.
    The main reason you would want Shared Services in SSL mode was if IT/Info security mandated that your directory service (active directory, ldap, ...) be encrypted. If the corporate directory service is not encrypted you should skip making Shared Services encrypted which will simplify things some.
    Also once you had gotten shared services up on 58082 you would need to unregister/register all the installs to use 58082 and check the SSL box on the Shared Services install.
    Good Luck,
    -John

  • Using the HTML collection for EP6 SP11

    I am trying to configure a custom interface using the HTML Collection.
    My problem is that the "How to " guide is for EP6 SP6 and I'm using EP6 SP11 which does not seem to have a place to attach the HTML file I have created to the layout set.
    Can anyone tell me how to do this?

    See How do you create a HTML collection rendered in EP6 SP11

  • How to configure apache for ssl in windows platform

    hi all,
    can anyone help me explain how to configure apache for ssl in windows platform.

    George,
    I would take the following 'first steps'
    1)Install Apache20 on your Windows machine following the Apache online documentation
    http://httpd.apache.org/docs-2.0/misc/tutorials.html
    2)Make sure you can 'serve up' static HTML content from your Apache Server
    3)Install Weblogic Server per our online documentation
    http://edocs.bea.com/wls/docs61/install/index.html
    4)Also, make sure you can 'serve up' both static and dynamic (e.g., JSP) content
    directly from WLS server
    5)Once you have both of the above 'sanity' checks attempt to configure a simple
    proxy by path or mime type via our online documentation
    http://edocs.bea.com/wls/docs61/adminguide/apache.html#103803
    Chuck Nelson
    DRE
    BEA Technical Support

  • Configuring Oc4j 9.0.2 for SSL

    Hi,
    I'm trying to enable oc4j 9.0.2 for SSL communication. I have created the certificate request using the Oracle Wallet Manager and received a signed certificate from CA. I refer my .der file created by OWM in the ssl-config tag-keystore attribute.
    When i start my oc4j server, i receive the following error.
    Error starting HTTP-Server: Unable to intialize SSLServerSocketFactory 'com.evermind.ssl.JSSESSLServerSocketFactory': Invalid keystore format
    If i create a self-signed certificate with keytool, it works fine.
    Can someone help me in this.
    Thanks in advance.

    Hi,
    I found that Oracle Wallet Manager cannot be used with Oc4J-SO. KeyTool should be used instead. However certificates for HTTP server could be configured using the Wallet. It could then be configured to proxy the request to the oc4j using mod ssl. As my requirements are different, i did not try the latter. Hope this info is useful to someone working on a similar issue.
    Thanks.

  • Can port 25 be used for SSL-enable SMTP server ?

    Hi,
    Our customer is using port 25 for a SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception thrown:
    DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
    1) with port 25, got the same exception as above;
    2) with port 465, worked fine;
    3) with any other randomly pick up valid port, worked fine.
    This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
    Your help will be appreciated.

    Yes, port 25 is intended for non-SSL servers only, although that doesn't
    prevent a client from making a plain text connection and then using the
    STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
    supports that usage.
    You can configure JavaMail to use port 25 for SSL connections if you
    really want to. JavaMail 1.3.x requires you configure an appropriate
    socket factory to get SSL connections; you can configure whatever port
    you want for use with that socket factory.

  • How to set the Certificate to use for SSL when more than one available?

    I apologise for bad wording of question.
    We have a 11g Directory Server and when we created the directory instance it generated a self-signed certificate. very nice.
    We have recently requested and installed a CA signed certificate, so we now have TWO certificates in the directory certificate store. Default Certificate and the new Server-Cert (the CA signed one)
    LDAP clients STILL seem to be presented with the self-signed certificate though.
    Simple question... how do I make my Server-Cert the 'default' certificate presented to LDAP clients ???
    I would rather not delete the self-signed cert if possible.
    I can't find any documented method to achieve this.

    # Listing Certificate
    $ /certutil -L -d <path>/slapd-abc/alias -P slapd-
    # Add Trust by adding CT
    $ certutil -M -n "GeoTrust DV SSL CA" -t CT,, -d <path>/slapd-abc/alias -P slapd-
    # Verify the setup.
    $ certutil -L -d <path>/slapd-abc/alias -P slapd-
    ( You should see the CT beside the relevant certificate, making it default for SSL communication )
    GeoTrust DV SSL CA CT,,
    Link : http://docs.oracle.com/cd/E19656-01/821-1504/6nmg10b6g/index.html ( Look around for different steps for configuring SSL )
    JPrince

  • Using Java keystores with SAP Netweaver for SSL

    Hi all,
    I'm configuring Netweaver to use SSL and trying to reuse our client and server certificates from the Tomcat, which are stored in java keystore files. What I've tried is to import the keystore file using the Import Keystore View function in NWA/KeyStorage GUI. I'm getting an error, when trying to do so. Is such a function supported by the Netweaver at all, so could I use standard java keystores somehow? What could I do alternatively?
    regards,

    I have only "NegativeArraySizeException" displayed on the top of the NWA screen without any further details. I've also tried both .jks file extension or left it blank, the same error. The only workaround I've found at the moment is to export certificates to separate files one by one from my JKS (using JDK's keytool -export command) and then import them to the ICM_SSL_<instance> keystore view (using Import Entry button). Of course, it's only a workaround, because the amount of client certificates could grow significantly for the productive system. So, I'm still looking for some solution to use standard Java Keystores (JKS) in NWA/KeyStorage

  • Using HttpSupport library for SSL with User Id/Password

    Does anybody know how to use UDS HttpSupport library for SSL connection which requires user id and password?
    Got no problem so far in getting pages using https and HttpBaseRequest but can't figure out how to setup user id and password for logging in to server. Have tried https://userid:password@server/... but UDS treated password@server as the port!
    Any help is appreciated.

    I assume you mean that you need to provide the password needed for a certificate for SSL authentication.
    For both client and server, these are configuration items.
    If you want to do HTTP authorization, which is not related to SSL, you should use the Authorization and WWW-Authenticate (in a 401 response) to get a user name and password to the server.

  • Configure an Environment for Apps for SharePoint 2013

    Hi,
    We are building QA environment for Sharepoint 2013. For this my management asked me to configure the APPS store. But when i referred the MSDN article, they are suggesting
    " You must purchase a domain name from a domain name provider for your apps, for example, ContosoApps.com."
    Which is not possible in my case as purchasing a new domain requires lot of approvals also this is an QA environment.
    So please suggest on the below points
    1) what's wrong to build a sub domain like APPS.XXXX.COM instead of XXXXAPPS.COM
    2) since it is in a QA environment, is it necessary to have a SSL  ??
    3) is it need to have a different APPS stores for QA & PROD environments.
    Thanks,
    Praveen
    Sharepoint HELP

    Hi Praveen,
    you don't need to buy a domain use your internal DNS
    no need for SSL since it is QA
    i think you mean app catalog, each environment will be having it app catalog
    some other links
    http://blogs.technet.com/b/mspfe/archive/2013/01/31/configuring-sharepoint-on-premise-deployments-for-apps.aspx
    http://www.nothingbutsharepoint.com/2013/02/13/configure-an-environment-for-apps-for-sharepoint-2013-aspx/
    Kind Regards,
    John Naguib
    Senior Consultant

  • Glassfish 3.1.2 configuration Client Certificate for Mutual Authentication

    Hi
    I need help in configuring GF3.1.2 i have done following changes, please do let me know if i am missing anything important as after changes it is not working.
    my id is [email protected]
    I could not find any particular thread or answers in forum if any link is there will be helpful.
    if you have any document for this please forward.
    please do the needful
    App Web.xml
    <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    </login-config>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/faces/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>HEAD</http-method>
    <http-method>PUT</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
    <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
    <description/>
    <role-name>authorized</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <security-role>
    <description/>
    <role-name>authorized</role-name>
    </security-role>
    sun-web.xml
    <security-role-mapping>
    <role-name>authorized</role-name>
    <principal-name>admin</principal-name>     
    <group-name>authorized</group-name>
    </security-role-mapping>
    Domain.xml
    <security-service>
    <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"></property>
    <property name="jaas-context" value="fileRealm"></property>
    </auth-realm>
    <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"></property>
    <property name="jaas-context" value="fileRealm"></property>
    </auth-realm>
    <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
    <property name="assign-groups" value="authorized"></property>
    </auth-realm>

    Hi,
    May be below links will be helpful
    Check the following links.. you will get the information all about the securities...
    http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
    Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
    Also find some information in these links
    http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
    /people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
    Step by step guide for SSL security
    step by step guide to implement SSL
    Please go through below link for reference (above information is from below link)
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
    General guide
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
    Message level security
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
    Regarding message level you can encrypt the message using certificates.
    For both of this basis team has to deploy the relevant certificates in XI ABAP Stack or Java stack.
    Generally if the scenarios are intra company we don't use any transport level or message level security since the network is already secured.
    Thanks
    Swarup

  • Up gradation Issues from 11.1.2.1 to 11.1.2.2 especially for SSL envrionmen

    Hi All,
    We are going for an up gradation from Hyperion 11.1.2.1 to Hyperion 11.1.2.2. All the products configured with SSL. I would like to know whether is there an impact in SSL configuration or not.
    Products Installed in Hyperion 11.1.2.1 in Distributed Environment
    Hyperion Planning
    HFM
    FR
    Thanks

    If you are configuring EPM System products for SSL, the configuration sequence and selections that you make during configuration depend on the type of SSL implementation you choose.
    http://docs.oracle.com/cd/E17236_01/epm.1112/epm_security_1112200.pdf

  • Error running JCA code on EP6 SP11

    Has anybody solved this com/sap/util/monitor/jarm/TaskMonitor error with EP6 SP11. Portal can't find the class file.
    Portal Runtime Error
    An exception occurred while processing a request for :
    iView : pcd:portal_content/com.ust.iview.ExplodeBOM
    Component Name : com.ust.explodebom.display
    com/sap/util/monitor/jarm/TaskMonitor.
    Exception id: 05:30_13/05/05_0024_18713050
    See the details for the exception ID in the log file

    It works. I modified the class path of J2EE to point to where the JARM jars were stored. I would love to hear from anybody that has solved this issue any other way.

  • Configuring Weblogic Server for X.509 Smart Card Authentication

    I am running Oracle Weblogic 11g (10.3.6) and attempting to configure two-way SSL (client certificate requested and enforced). The client certificate is on a smart card.
    I have enabled "basic" ssl in the weblogic server, and used keytool to import the relevant root CA certificates into the DemoTruststore.jks file. I have set the Two-way client cert behavior to Client Certs Requested and Enforced for the server.
    Unfortunately, attempting to access my application causes the following:
    <Certificate chain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
    <NO_CERTIFICATE alert was received from 127.0.0.1 - 127.0.0.1. Verify the SSL configuration has a proper SSL certificate chain and private key specified.>
    <Certificate chain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
    The ActivClient dialog never appears to select a certificate from the Smart Card, and a pin is never requested. Therefore, I think I misconfigured something.
    Help would be greatly appreciated.
    Jason

    Hello Mukunthan Damodharan,
    this means that the SSL Server Certificate does not have its fully qualified name in the subject alternative name extension of the X.509 certificate.
    You can create a valid one or disable that check in the Secure Login Client.
    How does the configuration get to the clients?
    With the Policy Download you can disable that check over the Secure Login Server Administration console in the corresponding authentication profile.
    If manually you can change the following registry key:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SAP\SecureLogin\profiles\<profile name>]
    "sslHostAlternativeNameCheck"=dword:00000000
    the value 0 disables that check on the client.
    best regards
    Alexander Gimbel
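
The `MatchTargetName(...) FAILS` trace in the Web Dispatcher thread and the subject alternative name check mentioned in the reply above both come down to comparing the host name the client dialed with the names in the server certificate. The following is an added example, not code from SAP or from any poster: a generic RFC 6125 style check in Python over constructed certificates (`ep-prod`, `corp.example` and `portal.example` are made-up names), showing why a fully qualified target fails against a short CN and how SAN entries change the result.

```python
"""Added example: RFC 6125 style server-name check against a certificate."""

# Constructed certificates in the dict layout returned by
# ssl.SSLSocket.getpeercert(); every name here is a made-up sample value.
CERT_CN_ONLY = {
    "subject": ((("countryName", "XX"),), (("organizationName", "Example"),),
                (("commonName", "ep-prod"),)),
}
CERT_WITH_SAN = {
    "subject": ((("commonName", "ep-prod"),),),
    "subjectAltName": (("DNS", "ep-prod.corp.example"),
                       ("DNS", "*.portal.example")),
}


def label_match(pattern, host):
    """Case-insensitive match; '*' may replace the whole left-most label only."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require two fixed labels after the wildcard so "*.com" never matches.
        return (len(p_labels) >= 3 and bool(h_labels[0])
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def reference_names(cert):
    """Return (source, names): SAN dNSName entries win, CN is a legacy fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return "subjectAltName", sans
    cns = [v for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    return "commonName", cns


def check_target(host, cert):
    """Report whether `host` (the name the client dialed) is covered by `cert`."""
    source, names = reference_names(cert)
    matched = [n for n in names if label_match(n, host)]
    return {"host": host, "source": source, "presented": names,
            "ok": bool(matched), "matched_by": matched[0] if matched else None}


if __name__ == "__main__":
    for host, cert in [
        ("ep-prod.corp.example", CERT_CN_ONLY),   # FQDN dialed, short CN issued
        ("ep-prod.corp.example", CERT_WITH_SAN),
        ("irj.portal.example", CERT_WITH_SAN),
        ("a.b.portal.example", CERT_WITH_SAN),    # wildcard covers one label only
    ]:
        r = check_target(host, cert)
        verdict = "OK" if r["ok"] else "MISMATCH"
        print(f"{verdict:8} {r['host']:24} vs {r['source']}={r['presented']}")
```

A mismatch report of this shape shows which name belongs in the certificate's subjectAltName when it is reissued.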
