Configuring SSL/SSF on MiniWAS
Has anyone successfully configured SSL/SSF on the MiniWAS system? I have downloaded both the SAP security and cryptographic libraries and placed the files in my root directory. In transaction STRUST my system PSE is in a red status, when I try to view the certuficate is prompts for a password but I have no idea what this is. If I recreate the PSE I get the same issue.
Thanks,
Pete
Hi Craig,
did you succeed on activating SSF? I tried the whole weekend to establish a correct installation of the SSF (SAPSYS.pse). In transaction strust there is always an error(error during test signature), and the system ist asking for a password?
SM21: SSF_KRN_SIGN_BY_AS: Function Returned 5
1) I searched a lot of notes
2) downloaded the newest secu-libs, installed them
3) Recreated the .pse, deleted it, ...
4) tried to import a manual generated SAPSYS.pse (sapsecin, also sapgenpse (try - crypto - not necessary)
5) searched all dev_* o.k. SSF ist correcty initialized
6) tried to set the W2K environment variables USER/SECUDIR
I patched my SAPDB to 7.3.0.54, my kernel is 1609, Service Packs SAPKB62046, SAPKA62046.
PS: What i really want to do is to connect to a Content Server 6.30 (signed http request)
Regards,
Christian
Similar Messages
-
Configuring SSL to make a HTTPS web Service call from XI
Hi All,
We are making a <b>https web service call</b> using soap adapter from XI. Looking at the various posts and SAP help links, we are configuring SSL for the same.
The procedure given in SAP help has been followed to configure SSL but with no luck. If someone had done this could you please give a <b>step by step procedure</b> to configure SSL, we might have missed out on something.
Also are there are <b>any other settings apart from SSL</b> to be done to make a https web service call using soap adapter from XI.
Cheers,
Chandrauser13046122 wrote:
I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
I now need to make SOAP Web Service calls - from an 8.1.7.4 database
But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess. -
Configure SSL in J2SE Plain adapter
I tryed to configure SSL in J2SE Plain adapter. (7.0)
I've generated a certificate file "certif_file.cer" and
while I put in GUIBrowserEngine Property File the following
line:
HTTP.SSLcertificate=F:\tech_adapter_70\certif_file.cer
I've got the following error message:
16:19:10 : Error(s) in GUIBrowserEngine configuration
parameters found:
ERROR: Certificate file 'F: ech_adapter_70certif_file.cer' not
found, must quit!
It seems that something wrong with my definition of full path
to this file. But I do not find from SAP Library any solution
about this problem.
Could you help me?Hi Boris,
Please try to give the full path using backslash '/' :
e.g. F:/tech_adapter_70/certif_file.cer
I hope it will work.
The J2SE Adapter Engine uses SSL only for communication line encryption, not for client and server authentications. Since this is a drawback with respect to security, you should use the J2EE Adapter Engine in insecure environments.
All configuration data for the Plain J2SE Adapter Engine is maintained in flat property files.The file for the engine administration data itself is located in the following directory:
<installation directory>/tech_adapter/BaseConfiguration
The file for the adapter configuration data is located in the following directory:
<installation directory>/tech_adapter/Configuration
The adapters of the Plain J2SE Adapter Engine are configured locally and not in the Integration Directory. Exchanged messages are also stored directly in the file system.
Therefore, ensure that only the operating system user, who has started and therefore owns the adapter engine process, can read the property files and has access to the directories used for message exchange.
*Pls: Reward points if helpful*
Regards,
Jyoti
Edited by: Jyoti Acharya on Dec 19, 2007 5:05 PM -
Error while configuring SSL in OID 11g - LDAP 50 Insufficient Access rights
HI,
I am trying to configure SSL in OID 11g.As per the doc http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/ssl.htm#CBHGBGAF ,i tried creating a Self-Signed Wallte using Fusion Middleware control,But i am getting an error LDAP 50: Insufficient access rights".I logged into Fusion Middle Ware control as Weblogic user.Is anybody faced this issue?.Thanks in advance.I am not sure how you tried, but I would recommend to do the following...
1. Add the 'user1' to "OU=Franchisees,ou=People,dc=company,dc=com"
2. Delete the 'user1' from 'OU=Internal,ou=People,dc=company,dc=com' -
Do i have to configure ssl on cisco unified provisioning manager for it to work
Here is the code
#include <userint.h>
#include "iface.h"
#define DAQmxErrChk(functionCall) if( DAQmxFailed(error=(functionCall)) ) goto Error; else
int write_onoff(uInt8 HL, const char linename[])
int error=0; // error code (initialized to zero i.e. no error)
TaskHandle taskHandle=0; // task ID for DAQmx
char errBuff[2048]={'\0'}; // error message
// DAQmx Configure Code
SetWaitCursor(1);
DAQmxErrChk(DAQmxCreateTask("", &taskHandle));
DAQmxErrChk(DAQmxCreateDOChan(taskHandle, linename, "", DAQmx_Val_ChanPerLine ));
// DAQmx Start Code
DAQmxErrChk(DAQmxStartTask(taskHandle));
// DAQmx Write Code
DAQmxErrChk(DAQmxWriteDigitalU8(taskHandle, 1, 1, 10.0, DAQmx_Val_GroupByChannel, &HL, NULL, NULL));
Error:
SetWaitCursor(0);
if (DAQmxFailed(error)) DAQmxGetExtendedErrorInfo(errBuff, 2048);
if (taskHandle!=0)
// DAQmx Stop Code
DAQmxStopTask(taskHandle);
DAQmxClearTask(taskHandle);
if (DAQmxFailed(error)) MessagePopup("DAQmx Error", errBuff);
return error;
} // end write_digital_line
int CVICALLBACK test (int panel, int control, int event, void *callbackData, int eventData1, int eventData2)
uInt8 onoff=0;
if (event==EVENT_COMMIT)
GetCtrlVal(panel, control, &onoff);
write_onoff(onoff, "Dev1/port0/line0");
return 0; // return 0 to tell the system the message has been handled -
Configuring SSL in Oracle Apps 11.5.10.2
Hi,
I am in the process of configuring SSL in oracle apps 11.5.10.2.
I am a bit confused with the Note ID: 123718.1. Could you please clarify me on the below things?
1. SSL can be implemented at three levels,
(a) Oracle Web/Apache Server Level
(b) Oracle Form Server Level
(c) Oracle Database Level
Can Implement SSL on any one or any two component levels? As per Note:123718.1, we MUST configure SSL for both the Oracle HTTP Server and Oracle Forms Level and these cannot be configured independently.
2. As per the Note ID: 123718.1, Option 2.1. Certificate Provisioning for Oracle HTTP Server
Point b in point 2 says to execute "$OPENSSL_TOP/bin/openssl sha1 or* > $HOME/.rnd"
But which will be the OPENSSL_TOP?
Please advise on these above two queries.
Thanks in advance
Regards,
SravanThanks Hussien,
I have completed SSL configuration at all level including database. Forms are not getting launched. I am getting below error in the Java Console.
Java Plug-in 1.6.0_23
Using JRE version 1.6.0_23-b05 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\sdalav
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
proxyHost=null
proxyPort=0
connectMode=HTTPS
Exception in thread "thread applet-oracle.forms.engine.Main-2" java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketFactory
at oracle.forms.net.HTTPSStream.<init>(Unknown Source)
at oracle.forms.net.HTTPConnection.connect(Unknown Source)
at oracle.forms.engine.Runform.initConnection(Unknown Source)
at oracle.forms.engine.Runform.startRunform(Unknown Source)
at oracle.forms.engine.Main.createRunform(Unknown Source)
at oracle.forms.engine.Main.start(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassNotFoundException: oracle.security.ssl.OracleSSLSocketFactory
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
... 8 more
Caused by: java.io.IOException: open HTTP connection failed:https://sandispa.bp.com:8443/OA_JAVA/oracle/security/ssl/OracleSSLSocketFactory.class
at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 13 more
Thanks,
Sravan -
NPE when configuring SSL in 9.2
Hi all,
I'm trying to configure SSL on WLS 9.2 mp4 but am getting a NullPointerException with no additional helpful information.
I'm using "Custom Identity and Java Standard Trust." I think the location, type, and password of my identity keystore are correct.
This is the output I'm getting:
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: initializing SSL context for channel DefaultSecure>
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: loading server SSL identity>
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : starting decrypt operation>
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : done with decrypt operation>
####<Jun 7, 2011 11:02:05 AM CDT> <Notice> <Security> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicssl from the JKS keystore file c:\projects\ssl\keystore.>
####<Jun 7, 2011 11:02:05 AM CDT> <Error> <WebLogicServer> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-000297> <Inconsistent security configuration, java.lang.NullPointerException>
####<Jun 7, 2011 11:02:05 AM CDT> <Error> <Server> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-002618> <An invalid attempt was made to configure a channel for unconfigured protocol "null".>
I've turned on all the debug output I can find.
I also wrote a little java program that reads the keystore and prints out its contents. Nothing looks wrong to me. I also tried using a known-good keystore from one of our other servers, both in my test app and in WL. Test app shows the same output for both stores with the exception of the things I expect to be different, like DN. WL also fails with the same error.
Any idea what the problem is or how to debug this further?
thanksThanks for the response.
That is the correct name. I should probably change it to keystore.jks but I was following the example of the common trust store named cacerts.
SSL is enabled with port 7002.
JVM versions are the same.
Keytool works fine with it. It shows 1 cert, which is what I expect. The alias is correct. I know the keystore password but I don't know the private key password. I might try generating a new pw and make sure to set and remember a pw on the key itself.
thanks -
Need info to configure SSL for Portal Server in EP6SP2
Hello,
We need to configure SSL for Portal Server. We are using J2EE 6.20 Patch 25 and EP6SP2P4. The ITS is already using https and it creats lots of Session issues since Portal is not in https.
Is there any OSS Note or How to guide to configure Portal to use SSL.
Thanks.
- PKHi Marcel,
Thanx for your Post, I have a Question, we will use CISCO for load balancing and SSL termination but I have a big issue, the URL in the portal applciation is always the same ant the URL in the borwser, I guess al the other URL´s are in the Frames, how will we configure the SSL termination for the login page in example if the URL in the Browser appears always the same?
Thanx in Advanced!!! -
Configure SSL Throughout Portal in 10.1.2.0.2
My installation is going to contain both the Infrastructure (IM, SSO) as well as the Middle-tier (Portal) and I want to later configure SSL. Oracle says in the documentation that the servername must be different for each home. I'm thinking that I will use the hosts file to alias the IP address but I'm not sure if the installer looks at the file or somewhere in the system to get the machine name. I don't want to change the machine name after the infrastructure installation has completed but I can change the hosts file and the order of the alias names. Has anyone successfully done this before that can point me in the right direction?
Thanks,
DeniseI've looked at the tool but my concern is having the infrastructure & midtier on the same box. I want to make sure that the initial installation is correct since each installation requires a different server name for ssl to work.
Has anyone done this and gotten it to work? Suggestions, or things to look out for?
Thanks,
Denise -
How to configure SSL for SOA BPM/Webcenter 11.1.1.3
Hi,
I have installed BPM 11.1.1.3 and Webcenter 11.1.1.3 in the same HOME. First installed BPM and then extended the domain for webcenter. During the installation I selected the SSL check-box also. Now how do I disable the HTTP and enable only HTTPS. I need to configure SSL can someone please provide some steps or a link to some document around SSL configuration of BPM/Webcenter 11.1.1.3.
ThanksHi,
Anyone I too am looking for the same info.
Thanks -
How configure SSL for Oracle Lite
Hi all,
I'm trying to configure SSL but I've many doubts.
I already have one SSL certificate, I read in the documentation that is necessary to use the keytool.
Someone can help me for use this tool?
tks,
Eversonthis should help
http://weblogic-wonders.com/weblogic/2010/05/19/configuring-ssl-on-weblogic-server-custom-identity-custom-trust/ -
Unable to configure SSL certificate on Apex
I am trying to configure ssl certificate in one apex application.
http://docs.tpu.ru/docs/oracle/en/oas/10.1.2.0.0/web.1012/b14007/ssl.htm#i1031859
as per the above document first step is create a wallet with SSL certificate information.
While creating wallet i am trying to import the CA certificate and User Certificate.
But i am not able to import the certificates properly. I am getting error messages.
Error Message :
User certificate installation failed
Possible Errors;
-- Input was not a valid certificate.
-- No matching certificate was found
-- CA certificate is needed for certificate chain not found please install it first.
What could be the reason for this. and solution for this problem ?Yes I am using OWM ( Oracle Wallet Manager)
First I have created a new wallet and then i did create service request.
Then Import user certificate and import CA certitificates are enabled.
Then tried to import the certificates above mentioned errors are coming.....
Yes first i imported the CA certificate then i imported the user certificate using the wallet manager. I used the copy - paste certificate method while importing.
Any how if do import user certificate first it will show an error saying install ca certificate first.
Message was edited by:
Santhosh Kumar T -
Is it possible to achive the following:
-myhost is a web server.
-myweb1 is a virtual web located on myhost, so, it is an DNS alias of myhost. it's SSL runs on the server myhost.
-myhost2 is another virtual web located on myhost and it is an DNS alias of myhost also. it has another key/cert and run SSL on the server myhost also.
I have been asked to configure SSL termination on my CSS11506 to offload the SSLs trafic.
Could anyone advice me for a VIP, (myhost), can I use two key/CA? if so, how do I configure them?
Any comments will be appreciated
Thanks in advance.ssl-proxy-list ssl-slot3
ssl-server 31
............. -> the one which working fine.
ssl-server 14
ssl-server 14 vip address 10.1.31.14
ssl-server 14 cipher rsa-with-rc4-128-sha 10.11.31.14 81
ssl-server 14 rsakey Myweb1Rkey
ssl-server 14 rsacert Myweb1Scert
ssl-server 15
ssl-server 15 vip address 10.1.31.15
ssl-server 15 rsakey Myweb2Rkey
ssl-server 15 rsacert Myweb2Scert
ssl-server 15 cipher rsa-with-rc4-128-sha 10.11.31.15 81
active
service ssl-slot3-srv
type ssl-accel
keepalive type none
slot 3
add ssl-proxy-list ssl-slot3
active
service myhost
ip address 10.4.31.14
keepalive type tcp
keepalive port 80
active
owner mytest
content myweb2-rule
add service ssl-slot3-srv
vip address 10.1.31.15
protocol tcp
port 443
content myweb2-rule2
vip address 10.4.31.15
protocol tcp
port 81
balance leastconn
add service myhost
active
content myweb1-rule
protocol tcp
port 443
add service ssl-slot3-srv
vip address 10.1.31.14
active
Do I miss anything? -
Configure SSL enabled communication issue
Hi Experts,
I'm having this wierd issue.. Installed SharePoint like for the 10th time in my life or so. But this time when I was doing this "Configure SSL enabled communication" steps the Powershell window just hangs forever.
PS C:\FASTSearch\installer\scripts> .\SecureFASTSearchConnector.ps1 -certPath "C
:\FASTSearch\data\data_security\cert\FASTSearchCert.pfx" -ssaName "FAST Content"
-username "domain\user"
Enter the certificate password: **********
Installed certificate.
Updated acls on certificates private keys.
Nothing happens after that. It usually will say the below but it freezes for me.
Updated acls on certificates private keys.
Your FAST Search Connector has been setup to use certificate, restarting osearch14.
Connection to contentdistributor host:port successfully validated.
Until I restart the osearch14 manually from services. But after that the contentsource page is never opening up for me.
I'm I missing something obvious? Or I'm I facing some premission realted issues? nctrl status shwoings everything is running. Any pointers will help.
Thank you.
Freddie Maize ..A story with Glory is History. Doesn’t matter whether Glory rest in the world of Demon or God. Lets create History..Thank you for your response.
Yes I have set the particular proerty SSLAlwaysNegoClientCert to True and it is able to establish the ssl conneciton without initiating renegotiation from IIS server side.The property has to be set the metabase.xml file.
Thank you very much once again.
Edited by: arpitak on Jun 23, 2010 2:10 AM -
How to configure SSL in standalone weblogic server for ADF apps
Hello,
I'm new to weblogic, Could anyone provide documentation/blog references to configuring SSL in weblogic for adf application. Currently adf application deploys on http I need it to deploy as https.
Appreciate your response
Thanks and RegardsExpand Environment > Click on Server > Click on Keystores Tab
Under Keystores you have some options like DemoIdentity & Demo Trust.
If u want to use the default keystores, you dont have to modify these configuations.
Just enable SSL and specify the listen port.
Expand Environment > Click on Server > General
SSL Listen Port Enabled
SSL Listen Port:
If u want to use your own keystore Select Custom Identity and Custom Trust besides Keystores Drop Down and specify the require values.
If u need any clarification let me knw.
HTH,
Faisal
http://download-llnw.oracle.com/docs/cd/E11035_01/wls100/secmanage/ssl.html
Maybe you are looking for
-
Error Message on 7520 All In One Set up on MAC
I have tried several times to install the drivers for the HP 7520 on my MAC (10.9.5 Mavericks). Each time I get this error message; The system extension "/System/Library/Extensions/AppleUSBEthernetHost.kext" was installed improperly and cannot be us
-
Hi, I am facing a problem, i am using an lov for an item. When i am running the lov query individually i am not getting any error but when i am using in the lov region i am getting the following error. Exception Details. oracle.apps.fnd.framework.OAE
-
BC Provided javascript not loading in Internet Explorer
I'm trying to create a web app form that anonymous users can use. I found the snippet of code (below) in the BC Resources: <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script> <script type="text/javascript"> $(docume
-
Buenas, Estoy trabajando con un programa subvi desde mi ordenador a modo de control, y en mi modulo cRio tengo trabajando un programa en RealTime (con "Run as Start up") y el propio programa de la FPGA, configurado como "Run when loaded to FPGA". T
-
Update user_sdo_geom_metadata
Hi, how can i update this view. I try this: Update user_sdo_geom_metadata set diminfo = MDSYS.diminfo(NULL) WHERE table_name = ART_REQUEST_AREA; I get this error: Fehler bei Befehlszeile:8 Spalte:22 Fehlerbericht: SQL-Fehler: ORA-00904: "ART_REQUEST_