Configure SSL for Tomcat 6x with clientAuth="true"

Similar Messages

• Configure SSL for Tomcat 6x

  Hi,
  I have configured my tomcat server with SSL. The certificate I am using is created by keytool.
  Its working fine when clientAuth="false".
  But now I want to check client certificate too. So I changed clientAuth="true" and provided a client certificate too.
  Now this is not working.
  Please some body help me solve it.
  Thnx in advnc.

  Try a forum/mailinglist devoted to Tomcat. There's one at its own homepage.
  This is just the JSP/JSTL forum.

• How Do I Configure SSL for RAC Installation.

  Experts,
  Requesting your inputs on configuring SSL for my RAC environment.
  - Oracle DB version is 11.2.0.2
  - RAC is with two nodes.
  - Two nodes are : rac1.oracle.com and rac2.oracle.com
  - RAC setup has SCAN feature configured. SCAN FQDN : racscan.oracle.com
  - All clients talk to RAC DB using SCAN feature as shown below.
  client applications -> racscan.oracle.com ---> rac1.oracle.com
  ---> rac2.oracle.com
  - tnsnames.ora file on both RAC instances has hostname as "racscan.oracle.com" instead of their individual phyiscal host names.
  How do I configure SSL for RAC:
  1. Do I need to generate certificate request for individual hostnames or only for SCAN hostname ?.
  2. If I generate a certificate based on SCAN hostname, how does SSL work since SCAN hostname is not a phyiscal host name ?
  3. What is recommended strategy for configuring SSL for RAC environment ?
  Thanks

  The documentation on the creation of Oracle Wallets is not specific to RAC, and the RAC SCAN instructions for TCPS are very vague on the specific requirements for the certificates required in the wallets for proper operation. I too am struggling to get it to work. Does anyone have a more technical guide to the specific configuration of the certificates needed and what specific configuration file changes need to be made?
  Also, the self signed documentation is getting REALLY old. Oracle, please stop giving instructions that demonstrate irresponsibility and show the proper method of certificate requesting and importing to wallets.
  Edited by: user11338513 on Mar 21, 2012 2:23 PM

• Need info to configure SSL for Portal Server in EP6SP2

  Hello,
  We need to configure SSL for Portal Server. We are using J2EE 6.20 Patch 25 and EP6SP2P4. The ITS is already using https and it creats lots of Session issues since Portal is not in https.
  Is there any OSS Note or How to guide to configure Portal to use SSL.
  Thanks.
  - PK

  Hi Marcel,
  Thanx for your Post, I have a Question, we will use CISCO for load balancing and SSL termination but I have a big issue, the URL in the portal applciation is always the same ant the URL in the borwser, I guess al the other URL´s are in the Frames, how will we configure the SSL termination for the login page in example if the URL in the Browser appears always the same?
  Thanx in Advanced!!!

• Configuring SSL for Real-Time Collaboration

  Hi,
  We installed OCS10gR1 because we want to use Real-Time collaboration for delivering support. At this moment we are trying to configure SSL. We already worked through the following guides :
  - Real-time collaboration admin guide
  - OCS admin guide
  - OCS Security guide
  - OPMN admin guide
  but it's still very fuzzy. It's hard to get a clear overview about the steps to follow to get SSL working for RTC. Is there some kind of "cookbook" or simple guide which describes all the steps in a clear way.
  Thank you

  Hi,
  I ran the SSLconfigTool.sh script on the Infrastructure with success but the midtierSSLConfigTool.sh script didn't come to an end. Probably, I ran the script with the wrong options. I used the following options :
  <oid hostname> gary.woerden.centric (hostname on which ocs resides)
  <oid port> 389 (default)
  <oid admin dn> I filled in orcladmin, but maybe dn=woerden,dn=centric would be better ???
  <http server SSL port> 8250 (from portlist.ini)
  <https> internet_appserver_registry (I really didn't know what value this must be)
  <hostname of the computer> gary.woerden.centric
  <True | False> False
  The output of the script midtierSSLConfigTool.sh with the options mentioned above:
  Modifying Collaboration Suite service registry
  Exception in thread "main" javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
  at oracle.ldap.util.jndi.ConnectionUtil.returnInitialLdapContext(ConnectionUtil.java:492)
  at oracle.ldap.util.jndi.ConnectionUtil.getDefaultDirCtx(ConnectionUtil.java:135)
  at oracle.ldap.util.jndi.ConnectionUtil.getDefaultDirCtx(ConnectionUtil.java:157)
  at URLUpdate.main(URLUpdate.java:32)
  Done. Please go to /opt/oracle/product/10.1.1/ocs/apps/imeeting/logs/rtcctl directory to check the log file.
  Starting the SSL Configuration Tool...
  Log file recording the current execution is '/home/oracle/SSLConfigTool_20051104_091126.log'.
  Below is the command line you have entered:
  SSLConfigTool -config_w_default -opwd ******** -ptl_dad portal -ptl_inv_pwd ********
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/bin/ldapbind -h gary.woerden.centric -p 636 -U 1
  Querying password for Portal from OID.
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/bin/ldapsearch -h gary.woerden.centric -p 636 -D cn=orcladmin -w ******** -U 1 -b "OrclResourceName=Portal,orclReferenceName=ocs.woerden.centric,cn=IAS Infrastructure Databases,cn=IAS,cn=Products,cn=OracleContext" -s sub "objectclass=*" orclpasswordattribute
  Exit code: 0
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/dcm/bin/dcmctl updateConfig
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/opmn/bin/opmnctl stopproc ias-component=dcm-daemon
  Configuring HTTPS for your ORACLE_HOME at:
  /opt/oracle/product/10.1.1/ocs/apps
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/opmn/conf/opmn.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/opmn/conf/opmn.xml.orig_SSLConfigTool'.
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/Apache/Apache/conf/ssl.conf' to file '/opt/oracle/product/10.1.1/ocs/apps/Apache/Apache/conf/ssl.conf.orig_SSLConfigTool'.
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/webcache/webcache.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/webcache/webcache.xml.orig_SSLConfigTool'.
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/webcache/webcache.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/webcache/webcache.xml.tmp'.
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/sso/bin/ssoreg.sh -oracle_home_path /opt/oracle/product/10.1.1/ocs/apps -site_name SSLConfigTool_ssl_ocsapps.gary.woerden.centric -config_mod_osso TRUE -mod_osso_url https://gary.woerden.centric:8250 -u root
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml.orig_SSLConfigTool'.
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/portal/conf/iasconfig.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/portal/conf/iasconfig.xml.orig_SSLConfigTool'.
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/portal/conf/ptlconfig -encrypt
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/portal/conf/ptlconfig -dad portal -pw ********
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/sysman/emd/targets.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/sysman/emd/targets.xml.orig_SSLConfigTool'.
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/dcm/bin/dcmctl updateConfig
  This last command didn't come to an end.
  Can you tell me what options are wrong and can I run the script again or should I first backup the backupped files ?
  Thanx in advance!

• Configuring SSL for SOA Server

  Hi All,
  I wrkin on SOA suite 11g. I am tryin to implement transport level security. Firstly 1-way authentication and than 2-way mutual authentication. For that I need to enable the SSL for SOA server which is managed by the WLS admin server. As per my knowledge the WLS comes with demoidentity and demotrust keystores. If I need to configure the SSL for SOA server do i need to create new keystores and CA,s or I can use the demo keystores.
  Now, in case i need to create new keystores than can i do the same using keytool utility. Additionally, is it possible to make CA using keytool utility? If yes, kindly provide me some links about how to do the same.
  Thanks in advance.

  Hi Shomit,
  If I need to configure the SSL for SOA server do i need to create new keystores and CA,s or I can use the demo keystores.You can use the Demo keystores for dev purpose but it is NOT recommended to use demo keystores for production use.
  in case i need to create new keystores than can i do the same using keytool utilityYes, you can do it using Keytool utility.
  is it possible to make CA using keytool utility?Actually you can generate a self-signed cert and use that as a CA for signing CSR's.
  kindly provide me some links about how to do the sameYou should get everything here -
  http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/ssl.htm#i1200848
  Regards,
  Anuj

• Configure SSL for virtual web

  Is it possible to achive the following:
  -myhost is a web server.
  -myweb1 is a virtual web located on myhost, so, it is an DNS alias of myhost. it's SSL runs on the server myhost.
  -myhost2 is another virtual web located on myhost and it is an DNS alias of myhost also. it has another key/cert and run SSL on the server myhost also.
  I have been asked to configure SSL termination on my CSS11506 to offload the SSLs trafic.
  Could anyone advice me for a VIP, (myhost), can I use two key/CA? if so, how do I configure them?
  Any comments will be appreciated
  Thanks in advance.

  ssl-proxy-list ssl-slot3
  ssl-server 31
  ............. -> the one which working fine.
  ssl-server 14
  ssl-server 14 vip address 10.1.31.14
  ssl-server 14 cipher rsa-with-rc4-128-sha 10.11.31.14 81
  ssl-server 14 rsakey Myweb1Rkey
  ssl-server 14 rsacert Myweb1Scert
  ssl-server 15
  ssl-server 15 vip address 10.1.31.15
  ssl-server 15 rsakey Myweb2Rkey
  ssl-server 15 rsacert Myweb2Scert
  ssl-server 15 cipher rsa-with-rc4-128-sha 10.11.31.15 81
  active
  service ssl-slot3-srv
  type ssl-accel
  keepalive type none
  slot 3
  add ssl-proxy-list ssl-slot3
  active
  service myhost
  ip address 10.4.31.14
  keepalive type tcp
  keepalive port 80
  active
  owner mytest
  content myweb2-rule
  add service ssl-slot3-srv
  vip address 10.1.31.15
  protocol tcp
  port 443
  content myweb2-rule2
  vip address 10.4.31.15
  protocol tcp
  port 81
  balance leastconn
  add service myhost
  active
  content myweb1-rule
  protocol tcp
  port 443
  add service ssl-slot3-srv
  vip address 10.1.31.14
  active
  Do I miss anything?

• SAPGUI (for Java) using with wan=true

  Hi all,
    I use java version of SAPGUI for linux. I've found a way how to integrate logon items into my system menu including client and username settings on logon screen: run guistart with conection string, e.g.
  path/to/gui/guistart '/H/192.168.1.1/S/3200&clnt=111&user=pvavra&wan=true'
    I use this way from SAPGUI version 6.30. With newer versions of SAPGUI I've found that some systems accept parameters to wrong position (I have to fill username to parameter clnt: clnt=pvavra to fill username). Later I've noted that no logon parameters are accepted when I use connect string with parameter wan=true.  Version 7.10 brings new feature: It write error mesage "Can't fill in logon data when using a wan connection".  Knows anybody why this way is imposible now? Is it an official policy of SAP or a bug? I usually need to connect over thin internet line to SAP systems and pre-filled logon screen is really comfortable feature. Does anybody know a workaround for such situation?

  So I fixed the problem.  In the VPN (PPTP) configuration, I had to:
  - Set the encryption from "Automatic" to "Maximum"
  - Click "Advanced" and check the box for "Send all traffic over VPN connection".
  Both of these selections were required.  You'd think "Automatic" would have been "automatic" about selecting the encryption level, but apparently it wasn't.
  It's unfortunate I have to send all traffic through the VPN as this slows or even prevents other internet-using applications to operate properly while I'm connected to the VPN.
  I think there's a way to edit a routing file and set it up in such a way to only have SAP use the VPN while the other applications bypass it, but I don't know how to do it and I don't really have time to learn it myself.
  Anyway, hope this helps people out there.  Thanks guys for weighing in with advice.
  Chris

• How to configure SSL for SOA BPM/Webcenter 11.1.1.3

  Hi,
  I have installed BPM 11.1.1.3 and Webcenter 11.1.1.3 in the same HOME. First installed BPM and then extended the domain for webcenter. During the installation I selected the SSL check-box also. Now how do I disable the HTTP and enable only HTTPS. I need to configure SSL can someone please provide some steps or a link to some document around SSL configuration of BPM/Webcenter 11.1.1.3.
  Thanks

  Hi,
  Anyone I too am looking for the same info.
  Thanks

• How configure SSL for Oracle Lite

  Hi all,
  I'm trying to configure SSL but I've many doubts.
  I already have one SSL certificate, I read in the documentation that is necessary to use the keytool.
  Someone can help me for use this tool?
  tks,
  Everson

  this should help
  http://weblogic-wonders.com/weblogic/2010/05/19/configuring-ssl-on-weblogic-server-custom-identity-custom-trust/

• Configure SSL for Soap to poa

  Currently do not have SSL for soap enabled on my poas.
  Looking to turn it on and I cannot find any documentation or TIDs in reference to Webaccess.
  I know where to turn it on in the POA agent, but what do I need to do on the Webaccess server? Looked at the webacc.cfg file for a switch, but had no luck.
  Any help much appreciated!
  Christa

  In article <[email protected]>, Ochschr wrote:
  > I know where to turn it on in the POA agent, but what do I need to do on
  > the Webaccess server? Looked at the webacc.cfg file for a switch, but
  > had no luck.
  >
  SOAP is a classic client/server relationship, where the POA is the server
  and Webaccess is the client. We put the certs just at the server for this
  bit.
  Not to be confused with the SSL encryption of the HTTPS that apache serves
  up as web server to the end user browser sessions for content that happens
  to be GW Webaccess.
  Andy of
  KonecnyConsulting.ca in Toronto
  Knowledge Partner
  http://forums.novell.com/member.php/75037-konecnya
  If you find a post helpful and are logged in the Web interface, please
  show your appreciation by clicking on the star below. Thanks!

• Configuration Profile for Apple Devices with ISE

  Hi,
  is there any possibility to put configuration profiles on apple device with the ise? I need to disable the dataroaming function in forgein countries for ipads.
  Best regards
  Felix

  Nice. Only trouble there seems to be multiple entry for same mac address there for same resource id.
  So when I try to get them as substring i get multiple copies of same mac address.
  But looks like this will work as solution to this problem.
  So far I was doing it this way (And i am sure there is clearer way to do it.)
  SUBSTRING((SELECT ',' + CAST(t2.MACAddress0 AS VARCHAR(40))
              FROM (SELECT DISTINCT ResourceID, MACAddress0 FROM  v_GS_NETWORK_ADAPTER) t2
              WHERE t2.ResourceID = ResourceID
              ORDER BY t2.ResourceID, t2.MACAddress0
              FOR XML PATH ('')
          ), 2, 100) [MACAddresses]

• How to configure sudo for particular command with arugment

  Hi All,
  I need to configure sudo for a below activity, Its working fine
  User_Alias NOC_L1_USER = baj33, edg246
  Host_Alias NOC_L1_HST = ch02520
  Cmnd_Alias NOC_L1_CMD = /bin/su - root -c /usr/bin/dsmc q backup "*"
  NOC_L1_USER NOC_L1_HST = NOPASSWD: NOC_L1_CMD
  But in that the danger thing is the user can able use restore argument also "/usr/bin/dsmc restore source target"
  Can someone help me how to use this particular command /usr/bin/dsmc q backup "*" alone ?
  Thanks,
  Senthilkumaran G

  I'm not sure I understand your question exactly. I think you want to run the TSM client command to view what's been backed up, but you don't want them to restore anything. If that's the case, I think you should quote the whole command.
  Cmnd_Alias NOC_L1_CMD = "/bin/su - root -c /usr/bin/dsmc q backup "*""
  I'm not sure how sudo is going to handle the quotes around the *.
  Brian

• How to configure SSL for Oracle Weblogic Server

  Hi,
  Please help me to configure SSL in oracle weblogic server.
  If possible, please provide step by step to configure SSL.

  this should help
  http://weblogic-wonders.com/weblogic/2010/05/19/configuring-ssl-on-weblogic-server-custom-identity-custom-trust/

• How to configure SSL in tomcat and transfer data through HTTPS.

  Hi all,
  I hav an urgent requirement for transfering data through HTTPS.But hav no idea how to achieve that,using SSL.
  For that i have to configure tomcat.What and all i hav to do
  download and which and all files i hav to alter for configuring the tomcat.
  seeking for ur help,
  thank you

  Multi-posted.
  http://forum.java.sun.com/thread.jspa?threadID=591116&messageID=3079266#3079266
  http://forum.java.sun.com/thread.jspa?threadID=591062&messageID=3078566#3078566
  http://forum.java.sun.com/thread.jspa?threadID=590987&messageID=3077736#3077736