Configuring Oc4j 9.0.2 for SSL

Hi,
I'm trying to enable oc4j 9.0.2 for SSL communication. I have created the certificate request using the Oracle Wallet Manager and received a signed certificate from the CA. I refer to my .der file created by OWM in the keystore attribute of the ssl-config tag.
When I start my oc4j server, I receive the following error.
Error starting HTTP-Server: Unable to intialize SSLServerSocketFactory 'com.evermind.ssl.JSSESSLServerSocketFactory': Invalid keystore format
If I create a self-signed certificate with keytool, it works fine.
Can someone help me with this?
Thanks in advance.

Hi,
I found that Oracle Wallet Manager cannot be used with Oc4J-SO. KeyTool should be used instead. However, certificates for the HTTP server could be configured using the Wallet. It could then be configured to proxy the request to the oc4j using mod ssl. As my requirements are different, I did not try the latter. Hope this info is useful to someone working on a similar issue.
Thanks.
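
The "Invalid keystore format" error in this thread is what a JKS keystore loader reports when the file does not start with the JKS magic number. The following is an added example, not code from the posters or from Oracle: it identifies a file by its leading bytes so the mismatch is visible before the server is started. It assumes the server loads the file as keystore type JKS; the byte strings are constructed samples, and the DER check is a heuristic on the outer ASN.1 structure.

```python
"""Added example: identify a key/certificate container by its leading bytes."""

JKS_MAGIC = bytes.fromhex("feedfeed")     # Sun JKS keystore
JCEKS_MAGIC = bytes.fromhex("cececece")   # Sun JCEKS keystore


def der_header_len(data):
    """Size of the tag+length header of the outer ASN.1 element, or None."""
    if len(data) < 2:
        return None
    first = data[1]
    if first <= 0x80:            # short form, or 0x80 = BER indefinite length
        return 2
    n = first & 0x7F             # long form: n length bytes follow
    if n > 4 or len(data) < 2 + n:
        return None
    return 2 + n


def sniff_keystore(data):
    """Return 'JKS', 'JCEKS', 'PKCS12', 'DER-certificate', 'PEM' or 'unknown'."""
    if data[:4] == JKS_MAGIC:
        return "JKS"
    if data[:4] == JCEKS_MAGIC:
        return "JCEKS"
    if data.lstrip()[:11] == b"-----BEGIN ":
        return "PEM"
    if data[:1] == b"\x30":                      # ASN.1 SEQUENCE
        hdr = der_header_len(data)
        if hdr is None:
            return "unknown"
        inner = data[hdr:hdr + 3]
        if inner == b"\x02\x01\x03":             # PFX: version INTEGER 3
            return "PKCS12"
        if inner[:1] == b"\x30":                 # SEQUENCE of SEQUENCE: certificate-like
            return "DER-certificate"
    return "unknown"


def jks_loader_accepts(data):
    """True only for files a JKS-typed loader can open."""
    return sniff_keystore(data) == "JKS"


HINTS = {
    "JKS": "keytool keystore; loads as type JKS",
    "JCEKS": "keystore, but must be loaded with type JCEKS",
    "PKCS12": "key+certificate bundle; must be loaded with type PKCS12",
    "DER-certificate": "bare certificate (no private key); not a keystore",
    "PEM": "text-armoured object; not a keystore",
    "unknown": "not a recognised container",
}

# Constructed samples: only the leading bytes matter for the check.
SAMPLES = {
    "keytool.jks": bytes.fromhex("feedfeed" "00000002" "00000000"),
    "owm-export.der": bytes.fromhex("3082010a" "3081b4" "a003020102"),
    "wallet.p12": bytes.fromhex("30820400" "020103" "3082"),
    "wallet-ber.p12": bytes.fromhex("3080" "020103" "3080"),
    "cert.pem": b"-----BEGIN CERTIFICATE-----\n(constructed)\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        kind = sniff_keystore(blob)
        verdict = "ok" if jks_loader_accepts(blob) else "Invalid keystore format"
        print(f"{name:16} {kind:16} {verdict:24} {HINTS[kind]}")
```
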

Similar Messages

  • How to configure OC4J using RMI/IIOP with SSL

    Any help?
    I just managed to configure the OC4J using RMI/IIOP but based on
    But when I follow further to use RMI/IIOP with SSL I face the problem with: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    p/s: I use a self-generated keystore which should be ok as I can use it for https connection.
    Can anyone help?
    Below is the OC4J log:
    D:\oc4j\j2ee\home>java -Djavax.net.debug=all -DGenerateIIOP=true -Diiop.runtime.debug=true -jar oc4j.jar
    05/02/23 16:43:16 ================ IIOPServerExtensionProvider.preInitApplicationServer
    05/02/23 16:43:38 ================= IIOPServerExtensionProvider.postInitApplicationServer
    05/02/23 16:43:38 ================== config = {SEPS={IIOP={ssl-port=5556, port=5555, ssl=true, trusted-clients=*, ssl-client-server-auth-port=5557, keystore=D:\\oc4j\\j2ee\\home\\server.keystore, keystore-password=123456, truststore=D:\\oc4j\\j2ee\\home\\server.keystore, truststore-password=123456, ClassName=com.oracle.iiop.server.IIOPServerExtensionProvider, host=localhost}}}
    05/02/23 16:43:38 ================== server.getAttributes() = {threadPool=com.evermind.server.ApplicationServerThreadPool@968fda}
    05/02/23 16:43:38 ================== pool: null
    05/02/23 16:43:38 ====================== In startServer ...
    05/02/23 16:43:38 ==================== Creating an IIOPServer ...
    05/02/23 16:43:38 ========= IIOP server being initialized
    05/02/23 16:43:38 SSL port: 5556
    05/02/23 16:43:38 SSL port 2: 5557
    05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(IIOP_CLEAR_TEXT, 5555, null)
    05/02/23 16:43:43 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = IIOP_CLEAR_TEXT port = 5555 )
    05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL, 5556, null)
    05/02/23 16:43:44 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL port = 5556 )
    05/02/23 16:43:45 ***
    05/02/23 16:43:45 found key for : mykey
    05/02/23 16:43:45 chain [0] = [
    Version: V1
    Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Validity: [From: Wed Feb 23 15:57:28 SGT 2005,
                   To: Tue May 24 15:57:28 SGT 2005]
    Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
    SerialNumber: [    421c3768]
    Algorithm: [MD5withRSA]
    05/02/23 16:43:45 ***
    05/02/23 16:43:45 adding as trusted cert:
    05/02/23 16:43:45 Subject: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
    05/02/23 16:43:45 Issuer: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
    05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3779
    05/02/23 16:43:45 Valid from Wed Feb 23 15:57:45 SGT 2005 until Tue May 24 15:57:45 SGT 2005
    05/02/23 16:43:45 adding as trusted cert:
    05/02/23 16:43:45 Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
    05/02/23 16:43:45 Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
    05/02/23 16:43:45 Algorithm: RSA; Serial number: 0x421c3768
    05/02/23 16:43:45 Valid from Wed Feb 23 15:57:28 SGT 2005 until Tue May 24 15:57:28 SGT 2005
    05/02/23 16:43:45 trigger seeding of SecureRandom
    05/02/23 16:43:45 done seeding SecureRandom
    05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): getEndpoint(SSL_MUTUALAUTH, 5557, null)
    05/02/23 16:43:45 com.sun.corba.ee.internal.iiop.GIOPImpl(Thread[Orion Launcher,5,main]): createListener( socketType = SSL_MUTUALAUTH port = 5557 )
    05/02/23 16:43:45 matching alias: mykey
    matching alias: mykey
    05/02/23 16:43:46 ORB created ..com.oracle.iiop.server.OC4JORB@65b738
    05/02/23 16:43:47 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
    05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
    05/02/23 16:43:47 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc [email protected]7
    05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ClientDelegate(Thread[Orion Launcher,5,main]): invoke(ClientRequest) called
    05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): process: dispatching to scid 2
    05/02/23 16:43:48 com.oracle.iiop.server.OC4JORB(Thread[Orion Launcher,5,main]): dispatching to sc com.sun.corba.ee.internal.corba.ServerDelegate@9300cc
    05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Entering dispatch method
    05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Consuming service contexts, GIOP version: 1.2
    05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Has code set context? false
    05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Dispatching to servant
    05/02/23 16:43:48 com.sun.corba.ee.internal.corba.ServerDelegate(Thread[Orion Launcher,5,main]): Handling invoke handler type servant
    05/02/23 16:43:48 NS service created and started ..org.omg.CosNaming._NamingContextExtStub:IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
    05/02/23 16:43:48 NS ior = ..IOR:000000000000002b49444c3a6f6d672e6f72672f436f734e616d696e672f4e616d696e67436f6e746578744578743a312e30000000000001000000000000007c000102000000000c31302e312e3231342e31310015b3000000000031afabcb0000000020d309e06a0000000100000000000000010000000c4e616d65536572766963650000000004000000000a0000000000000100000001000000200000000000010001000000020501000100010020000101090000000100010100
    05/02/23 16:43:48 Oracle Application Server Containers for J2EE 10g (9.0.4.0.0) initialized
    05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Server getConnection(119e583[Unknown 0x0:0x0: Socket[addr=/127.0.0.1,port=1281,localport=5556]], SSL)
    05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): host = 127.0.0.1 port = 1281
    05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Listener,5,main]): Created connection Connection[type=SSL remote_host=127.0.0.1 remote_port=1281 state=ESTABLISHED]
    com.sun.corba.ee.internal.iiop.MessageMediator(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): Creating message from stream
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, SEND TLSv1 ALERT: fatal, description = unexpected_message
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, WRITE: TLSv1 Alert, length = 2
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeSocket()
    05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ReaderThread(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): IOException in createInputStream: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    05/02/23 16:45:14 javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA12275)
    05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
    05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.readFully(MessageBase.java:520)
    05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.messages.MessageBase.createFromStream(MessageBase.java:58)
    05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.MessageMediator.processRequest(MessageMediator.java:110)
    05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.IIOPConnection.processInput(IIOPConnection.java:339)
    05/02/23 16:45:14 at com.sun.corba.ee.internal.iiop.ReaderThread.run(ReaderThread.java:63)
    05/02/23 16:45:14 Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA12275)
    05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA12275)
    05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
    05/02/23 16:45:14 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    05/02/23 16:45:14 ... 6 more
    05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.IIOPConnection(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): purge_calls: starting: code = 1398079696 die = true
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called close()
    05/02/23 16:45:14 JavaIDL Reader for 127.0.0.1:1281, called closeInternal(true)
    05/02/23 16:45:14 com.sun.corba.ee.internal.iiop.ConnectionTable(Thread[JavaIDL Reader for 127.0.0.1:1281,5,main]): DeleteConn called: host = 127.0.0.1 port = 1281

    Good point, I do believe what you are referring to is this:
    Any client, whether running inside a server or not, has EJB security properties. Table 15-2 lists the EJB client security properties controlled by the ejb_sec.properties file. By default, OC4J searches for this file in the current directory when running as a client, or in ORACLE_HOME/j2ee/home/config when running in the server. You can specify the location of this file explicitly with the system property setting -Dejb_sec_properties_location=pathname.
    Table 15-2 EJB Client Security Properties
    Property Meaning
    # oc4j.iiop.keyStoreLoc
    The path and name of the keystore. An absolute path is recommended.
    # oc4j.iiop.keyStorePass
    The password for the keystore.
    # oc4j.iiop.trustStoreLoc
    The path name and name of the truststore. An absolute path is recommended.
    # oc4j.iiop.trustStorePass
    The password for the truststore.
    # oc4j.iiop.enable.clientauth
    Whether the client supports client-side authentication. If this property is set to true, you must specify a keystore location and password.
    # oc4j.iiop.ciphersuites
    Which cipher suites are to be enabled. The valid cipher suites are:
    TLS_RSA_WITH_RC4_128_MD5
    SSL_RSA_WITH_RC4_128_MD5
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_EXPORT_WITH_RC4_40_MD5
    SSL_RSA_EXPORT_WITH_RC4_40_MD5
    TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    nameservice.useSSL
    Whether to use SSL when making the initial connection to the server.
    client.sendpassword
    Whether to send user name and password in clear form (unencrypted) in the service context when not using SSL. If this property is set to true, the user name and password are sent only to servers listed in the trustedServer list.
    oc4j.iiop.trustedServers
    A list of servers that can be trusted to receive passwords sent in clear form. This has no effect if client.sendpassword is set to false. The list is comma-delimited. Each entry in the list can be an IP address, a host name, a host name pattern (for example, *.example.com), or * (where "*" alone means that all servers are trusted).
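
The properties in Table 15-2 above interact: client.sendpassword together with a "*" entry in oc4j.iiop.trustedServers sends the password in clear form to any server, and every cipher suite the table lists is an RC4, 3DES or 40-bit export suite. The following is an added example, not part of the quoted documentation or the posts: it audits an ejb_sec.properties file for those combinations. It assumes the file uses Java key=value properties syntax and that oc4j.iiop.ciphersuites is comma-separated; the two sample files are constructed.

```python
"""Added example: audit ejb_sec.properties settings named in Table 15-2."""


def parse_properties(text):
    """Minimal key=value parser (assumed syntax); '#' and '!' start comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def audit(props):
    """Return finding codes; a property that is absent is not judged."""
    findings = []

    def is_true(key):
        return props.get(key, "").lower() == "true"

    # Per the table: client auth requires a keystore location and password.
    if is_true("oc4j.iiop.enable.clientauth") and not (
            props.get("oc4j.iiop.keyStoreLoc")
            and props.get("oc4j.iiop.keyStorePass")):
        findings.append("clientauth-without-keystore")

    for suite in split_list(props.get("oc4j.iiop.ciphersuites", "")):
        if "_EXPORT_" in suite:          # 40-bit export-grade key
            findings.append("export-cipher:" + suite)
        elif "_RC4_" in suite:
            findings.append("rc4-cipher:" + suite)
        elif "_3DES_" in suite:
            findings.append("3des-cipher:" + suite)

    if props.get("nameservice.useSSL", "").lower() == "false":
        findings.append("nameservice-plaintext")

    # trustedServers only matters when client.sendpassword is true.
    if is_true("client.sendpassword"):
        findings.append("cleartext-password")
        if "*" in split_list(props.get("oc4j.iiop.trustedServers", "")):
            findings.append("password-to-any-server")
    return findings


# Constructed sample files.
WEAK = """
oc4j.iiop.trustStoreLoc=/opt/app/trust.jks
oc4j.iiop.trustStorePass=changeit
oc4j.iiop.enable.clientauth=true
oc4j.iiop.ciphersuites=TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_EXPORT_WITH_RC4_40_MD5
nameservice.useSSL=false
client.sendpassword=true
oc4j.iiop.trustedServers=*.example.com,*
"""

TIGHTER = """
# oc4j.iiop.ciphersuites left unset in this sample
oc4j.iiop.keyStoreLoc=/opt/app/client.jks
oc4j.iiop.keyStorePass=changeit
oc4j.iiop.enable.clientauth=true
nameservice.useSSL=true
client.sendpassword=false
oc4j.iiop.trustedServers=*
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("TIGHTER", TIGHTER)):
        print(name, audit(parse_properties(text)) or "no findings")
```
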

  • How to configure apache for ssl in windows platform

    hi all,
    can anyone help me explain how to configure apache for ssl in windows platform.

    George,
    I would take the following 'first steps'
    1) Install Apache20 on your Windows machine following the Apache online documentation
    http://httpd.apache.org/docs-2.0/misc/tutorials.html
    2) Make sure you can 'serve up' static HTML content from your Apache Server
    3) Install Weblogic Server per our online documentation
    http://edocs.bea.com/wls/docs61/install/index.html
    4) Also, make sure you can 'serve up' both static and dynamic (e.g., JSP) content directly from WLS server
    5) Once you have both of the above 'sanity' checks attempt to configure a simple proxy by path or mime type via our online documentation
    http://edocs.bea.com/wls/docs61/adminguide/apache.html#103803
    Chuck Nelson
    DRE
    BEA Technical Support

  • Configure EP6 SP11 for SSL

    I am following the instructions (help.sap.com) for applying SSL but they are slightly confusing.
    1. You apply the SSL to J2EE
    2. You have to have the Key Storage Server running - but how do you ensure that it is? Is it by default when the J2EE is running?
    3. I want to use Verisign Certificates so I suppose that I generate a certificate signing request - do I have to create an entry first under the service_ssl view of the Visual Administrator or is this only if I am using a test CA?
    4. I then get the certificate back from Verisign and import it into the J2EE.
    I assume I can then call my portal on the secure port:
    https://myportal.com:500003/irj
    Where do I find the secure ports and do I have to do anything in the portal?
    Thanks
    Patrick

    Hi,
    I have gone through this document but still I am not able to achieve SSL. These are the steps that I have performed. Do let me know if I have missed out something.
    Creating the Server's Key Pair to Use for SSL:
    1) Visual Administrator -> KeyStore -> Views (service_ssl) -> 2 Entries (ssl-credentials, ssl-credentials-cert). I would like to use ssl-credentials for testing purposes. So if I am not wrong, I don't need to do anything here.
    2) Assigning the Key Pair to Use for a Specific SSL Port:
    I have configured as described in the document.
    3) Managing the Credentials and Trusted Certificates to Use SSL:
    Is it necessary to select one of these:
    Request client certificate
    Require client certificate
    Can't I use the default, Do not request client certificate?
    I have used Request client certificate and added SAPServerCA and SAPPassportCA.
    4) Configuring the Use of Client Certificates for Authentication
    Here the pre-requisite says "The SAP J2EE Engine is configured to support SSL", what does that mean? How do I cross check this?
    The rest of the steps are performed.
    Is there anything else that has to be taken care of ?
    Thanks in advance.
    Regards,
    Sunil

  • Configuring XI for SSL ?

    Hi Guys,
    My scenario is SOAP-Proxy and i need to send the data to a remote system using SSL. I am using the XI adapter on the receiver side.
    I have installed the SAP crypto lib on the ABAP stack, I am confused whether I need to do it on ABAP or Java?
    Any help would be appreciated
    Thanks,
    Raj

    Hi Raj,
    You need to install crypto lib for both ABAP and Java stack.
    The reason for this is that all ABAP adapters (IDoc, HTTP etc.) depend on the crypto lib installed on the ABAP stack, and all Java adapters (SOAP, FILE/FTP etc.) depend on the crypto lib installed on the Java stack.
    Configuring the SAP Web AS for Supporting SSL - ABAP
    http://help.sap.com/saphelp_nw70/helpdata/en/65/6a563cef658a06e10000000a11405a/frameset.htm
    Installing the SAP Cryptographic Library on the AS Java
    http://help.sap.com/saphelp_nw70/helpdata/en/9b/29f63def83c452e10000000a114084/frameset.htm
    SAP NetWeaver Process Integration Security Guide
    http://help.sap.com/saphelp_nw70/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm
    SAP NetWeaver Security Guide
    http://help.sap.com/saphelp_nw70/helpdata/en/8c/2ec59131d7f84ea514a67d628925a9/frameset.htm
    Best regards,
    Jacob

  • How to get certificates "signed" for SSL configuration

    I have configured EID 3.1 to use SSL. The generate_ssl_keys utility was used to generate the SSL certificates, but when we log in to Studio we get the "The site's security certificate is not trusted!" message. Has anyone got any advice on how to get the generated certificates signed by a CA?

    In EID 3.1, the generate_ssl_keys utility is used to create a local CA and certificates for securing access to Endeca Server.  Studio uses these certificates/keys internally to access the secured Endeca Server.  These certificates are normally only used to internally secure Studio and Endeca Server (and Provisioning Service) communications.
    Securing Studio with SSL/TLS from the client browser to Studio is a separate task.  The documentation topic is http://docs.oracle.com/cd/E40518_01/studio.310/studio_security/toc.htm#Configuring%20SSL%20on%20the%20Studio%20application%20server which contains links to the application server topics.  This is primarily an application-server task - you would follow the instructions for the application server and/or your certificate/CA supplier, so you end up with trusted certificates.
    One common configuration is to secure Studio SSL/TLS terminated on a reverse-proxy such as OHS, so you may want to consider this option.

  • Can port 25 be used for SSL-enable SMTP server ?

    Hi,
    Our customer is using port 25 for an SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception was thrown:
    DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
    1) with port 25, got the same exception as above;
    2) with port 465, worked fine;
    3) with any other randomly picked valid port, worked fine.
    This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
    Your help will be appreciated.

    Yes, port 25 is intended for non-SSL servers only, although that doesn't
    prevent a client from making a plain text connection and then using the
    STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
    supports that usage.
    You can configure JavaMail to use port 25 for SSL connections if you
    really want to. JavaMail 1.3.x requires you configure an appropriate
    socket factory to get SSL connections; you can configure whatever port
    you want for use with that socket factory.
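
"Unrecognized SSL message, plaintext connection?" appears both in this thread and in the RMI/IIOP thread further up, and in both it means one side read cleartext where it expected an SSL/TLS record. The following is an added example, not code from the posters or from JavaMail/OC4J: it classifies the first bytes read from a socket so a capture shows which side is speaking cleartext. The byte strings are constructed samples and the hints are a simplified reading of the two cases on this page.

```python
"""Added example: what did the SSL/TLS endpoint actually read first?"""

TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}
HTTP_PREFIXES = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/")
SMTP_COMMANDS = (b"EHLO", b"HELO", b"MAIL", b"STARTTLS")


def classify_first_bytes(data):
    """Name the protocol suggested by the first bytes seen on a socket."""
    # TLS/SSLv3 record: content type, then version major 0x03, minor 0..4.
    if (len(data) >= 3 and data[0] in TLS_CONTENT_TYPES
            and data[1] == 0x03 and data[2] <= 0x04):
        return "tls-" + TLS_CONTENT_TYPES[data[0]]
    # SSLv2-compatible hello: length with high bit set, message type 1.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    if data[:4] == b"GIOP":                       # IIOP message header
        return "plaintext-giop"
    if len(data) >= 4 and data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "plaintext-smtp-reply"             # e.g. "220 host ESMTP"
    if data[:8].upper().startswith(SMTP_COMMANDS):
        return "plaintext-smtp-command"
    if data.startswith(HTTP_PREFIXES):
        return "plaintext-http"
    return "unknown"


def diagnose(role, data):
    """role: 'server' if we accepted the socket, 'client' if we connected."""
    kind = classify_first_bytes(data)
    if kind.startswith(("tls-", "sslv2-")):
        return kind, "peer speaks SSL/TLS; check certificates and cipher suites"
    if kind == "unknown":
        return kind, "not recognisable; capture more of the exchange"
    if role == "server":
        return kind, ("client sent cleartext to an SSL listener; enable SSL "
                      "in the client or point it at the clear-text port")
    if kind == "plaintext-smtp-reply":
        return kind, ("server greets in cleartext; connect plain and issue "
                      "STARTTLS, or use the server's SSL-wrapped port")
    return kind, "server answered in cleartext; this port is not SSL-wrapped"


# Constructed samples.
GIOP_REQUEST = b"GIOP\x01\x02\x00\x00\x00\x00\x00\x40"       # seen on SSL port 5556
SMTP_BANNER = b"220 mail.example.test ESMTP\r\n"             # seen on port 25
TLS_CLIENT_HELLO = bytes.fromhex("16030100310100002d0301")
SSLV2_HELLO = bytes.fromhex("802e0100020015")

if __name__ == "__main__":
    cases = (("server", GIOP_REQUEST), ("client", SMTP_BANNER),
             ("server", TLS_CLIENT_HELLO), ("server", SSLV2_HELLO))
    for role, blob in cases:
        kind, hint = diagnose(role, blob)
        print(f"{role:6} {kind:22} {hint}")
```
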

  • How to set the Certificate to use for SSL when more than one available?

    I apologise for bad wording of question.
    We have an 11g Directory Server and when we created the directory instance it generated a self-signed certificate. Very nice.
    We have recently requested and installed a CA signed certificate, so we now have TWO certificates in the directory certificate store: Default Certificate and the new Server-Cert (the CA signed one).
    LDAP clients STILL seem to be presented with the self-signed certificate though.
    Simple question... how do I make my Server-Cert the 'default' certificate presented to LDAP clients ???
    I would rather not delete the self-signed cert if possible.
    I can't find any documented method to achieve this.

    # Listing Certificate
    $ /certutil -L -d <path>/slapd-abc/alias -P slapd-
    # Add Trust by adding CT
    $ certutil -M -n "GeoTrust DV SSL CA" -t CT,, -d <path>/slapd-abc/alias -P slapd-
    # Verify the setup.
    $ certutil -L -d <path>/slapd-abc/alias -P slapd-
    ( You should see the CT beside the relevant certificate, making it default for SSL communication )
    GeoTrust DV SSL CA CT,,
    Link : http://docs.oracle.com/cd/E19656-01/821-1504/6nmg10b6g/index.html ( Look around for different steps for configuring SSL )
    JPrince

  • How to configure CoSign Electronic Digital Signatures for UCM 11g

    Hi everyone,
    Currently I am doing a UCM PoC with CoSign Electronic Digital Signature for a customer. The case is that when a user approves a checked-in PDF document in workflow, the user can use "sign and approve" to invoke the electronic digital signature action.
    Since ECM 11g is based on WebLogic, I configured the keystore for WebLogic with the steps below:
    1) Use keytool to import a keystore file, cosigncert.jks, from the cert file which was provided by the vendor CoSign.
    2) Security Realms->myRealm->Providers->Credential Mapping, create a new provider using "PKI Credential Mapping Provider" and configure the storekey cosigncert.jks for this provider.
    3) Security Realms->myRealm->Providers->Authentication, select DefaultIdentityAsserter and add x509
    4) Configure storekey for AdminServer and UCM managerServer using cosigncert.jks
    5) Configure SSL for AdminServer and UCM managerServer.
    After finishing these steps, I access the UCM console to do the approve with signature, but it always throws "can not find the validate certification path"
    Does anyone know which step is missing?
    Thanks & Regards
    shifeng

    Take a look at this chapter in the manual http://docs.oracle.com/cd/E23943_01/doc.1111/e10978/c03_repository.htm#CSMRC1611
    (Electronic Signature is now a feature of WebCenter Content; if you are looking for a 3rd party solution for signatures, but perhaps also timestamps, check what partners can do for you)

  • Using HttpSupport library for SSL with User Id/Password

    Does anybody know how to use UDS HttpSupport library for SSL connection which requires user id and password?
    Got no problem so far in getting pages using https and HttpBaseRequest but can't figure out how to setup user id and password for logging in to server. Have tried https://userid:password@server/... but UDS treated password@server as the port!
    Any help is appreciated.

    I assume you mean that you need to provide the password needed for a certificate for SSL authentication.
    For both client and server, these are configuration items.
    If you want to do HTTP authorization, which is not related to SSL, you should use the Authorization and WWW-Authenticate (in a 401 response) to get a user name and password to the server.

  • Up gradation Issues from 11.1.2.1 to 11.1.2.2 especially for SSL environment

    Hi All,
    We are going for an up gradation from Hyperion 11.1.2.1 to Hyperion 11.1.2.2. All the products are configured with SSL. I would like to know whether there is an impact on the SSL configuration or not.
    Products Installed in Hyperion 11.1.2.1 in Distributed Environment
    Hyperion Planning
    HFM
    FR
    Thanks

    If you are configuring EPM System products for SSL, the configuration sequence and selections that you make during configuration depend on the type of SSL implementation you choose.
    http://docs.oracle.com/cd/E17236_01/epm.1112/epm_security_1112200.pdf

  • Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

    Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

    Hi, William
    My question is if you can help me and support me to configure the Blink Pro App, I have a Mac Book Air, OS X 10.9.1.
    hope for your answer

  • How to install a root certificate of private CA for SSL initiation in ACE 4710 ?

    Hello ACE Gurus,
    We have to deploy end-to-end SSL for one of our applications, but of course we won't be buying Entrust or other big name certificates for each web server: we want to use self-issued certs signed by our private CA. The topology looks like this:
    Internet Client   ----HTTPs_Entrust_Cert----> ACE ------HTTPs_Private_Cert------> WebServers
    Maybe my search skills are soft, but I haven't found how to import a private CA certificate in the ACE, so that when the ACE initiates an SSL session with the webserver (as a client), it will recognize the Web Server's SSL Cert as valid, because it already has it in its root store.
    The only thing I've found is how to configure the ACE to ignore the SSL authentication/validation errors, like this:
    host1/Admin(config)# parameter-map type ssl SSL_PARAMMAP_SSL
    host1/Admin(config-parammap-ssl)# authentication-failure ignore
    Thanks for the help!
    Alex.

    Hi Alex,
    From the ACE perspective, it doesn't make a difference whether you are using certificates issued by your local or a "well known" CA. Moreover, if I'm not mistaken, you have to configure an authentication group whether you are doing client or server authentication.
    http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/ssl/guide/certkeys.html#wp1043643
    Thanks,
    Olivier

  • Configuring OC4J with webcache

    Hi All,
    I have requirement of configuring OC4J with webcache.
    I have an OC4J903 standalone server and webcache is separately installed.
    I am able to get the webcacheadmin screen and I am now stuck with how to go ahead.
    Looking forward to help.
    thanks in advance,
    Sudha

    I assume the Web Cache you have is the 9.0.2.0 standalone. First of all, patch your Web Cache 9.0.2.0 standalone to the latest level you can find on Metalink. This is currently 9.0.2.2bp1 (on Solaris).
    (You can use Web Cache 9.0.2.x with OC4J 9.0.3.x.)
    Next, follow the steps in the Oracle9iAS Web Cache Administration and Deployment Guide, accessible from OTN. Chapter 6 of this guide is a good place to start, although Parts I and II are useful in their entirety.
    Your basic steps are going to be:
    - access the Web Cache Manager admin UI (hostname:4000 is the default); default uname/pwd is administrator/administrator
    - make sure Web Cache is listening on the desired port(s)
    - define a site
    - configure application web server settings (in this case, your OC4J standalone) from which to fetch fresh content
    - configure site-to-server mappings; you can map more than one application server to a site (enables load balancing)
    - configure caching, compression and expiration rules and/or modify your application to use ESI
    - don't forget to apply changes and restart
    Still, I would really advise using the manual and online help to get started. It's easy once you grasp the concepts described in the manual.

  • For SSL program code

    Hi dear all,
    I am new to HTTP tunneling.
    I want to know how I should configure SSL between the web server and the database server, because I want to send/receive data from the database. I want to know how I should configure SSL on the server. Are there any options for that? What software is required for that? If it is not possible manually, if I write the code for SSL, is it possible to keep it between server and database? If you have the code, please provide it to me.
    Thank you
    regards
    krishna

    Hi, that error got solved, the SessID I was receiving in that code had some leading or trailing white spaces. So SessID = SessID.trim() did the job.
    But I have a question. This program worked fine when I compile and run from my local system. But when I port this on to the oracle server (JAVA_TOP) and access this from a JSP, then the program performs very unreliably.
    The first data transfer works fine, I get the SessID, when I pass that SessID along with the DTSSessionID to the server, the server says that it doesn't recognise my SessID, and throws a client.Authentication Error.
    So there goes the parsing out of the window for the data in the second iteration.
