Configuring XI for SSL ?

Similar Messages

• How to configure apache for ssl in windows platform

  hi all,
  can anyone help me expalin how to configure apache for ssl in windows platform.

  George,
  I would take the following 'first steps'
  1)Install Apache20 on your Windows machine following the Apache online documentation
  http://httpd.apache.org/docs-2.0/misc/tutorials.html
  2)Make sure you can 'serve up' static HTML content from your Apache Server
  3)Install Weblogic Server per our online documentation
  http://edocs.bea.com/wls/docs61/install/index.html
  4)Also, make sure you can 'serve up' both static and dynamic (e.g., JSP) content
  directly from WLS server
  5)Once you have both of the above 'sanity' checks attempt to configure a simple
  proxy by ppath or mime type via our online documentation
  http://edocs.bea.com/wls/docs61/adminguide/apache.html#103803
  Chuck Nelson
  DRE
  BEA Technical Support

• Configure EP6 SP11 for SSL

  I am following the instructions (help.sap.com) for applying SSL but they are slightly confusing.
  1. You apply the SSL to J2EE
  2. You have to have the Key Storage Server running - but how do you ensure that it is? Is it by default when the J2EE is running
  3. I want to use Verisign Certificates so I suppose that I generate a certificate signing request - do I have to create an entry first under the service_ssl view of the Visual Adminstrator or is this only if I am using a test CA.
  4. I then get the certicate back from Verisign and import it into the J2EE.
  I assume I can them call my portal on the secure port:
  https://myportal.com:500003/irj
  Where do I find the secure ports and do I have to do anything in the portal?
  Thanks
  Patrick

  Hi,
  I have gone through this document but still i am not able to achieve SSL. These are the steps that i have performed. Do let me know if i have missed out something.
  Creating the Server's Key Pair to Use for SSL:
  1) Visual Administrator -> KeyStore -> Views (service_ssl) -> 2 Enteries (ssl-credentials, ssl-credentials-cert). I would like to use ssl-credentials for testing purpose. So if i am not wrong, i don't need to do anything here.
  2) Assigning the Key Pair to Use for a Specific SSL Port:
  I have configured as described in the document.
  3)Managing the Credentials and Trusted Certificates to Use SSL:
  Is it necessary to select one of these:
  Request client certificate
  Require client certificate
  Can't i use the default, Do not request client certificate ?
  I have used Request client certificate and added, SAPServerCA and SAPPassportCA.
  4) Configuring the Use of Client Certificates for Authentication
  Here the pre-requisite says "The SAP J2EE Engine is configured to support SSL", what does that mean? How do i cross check this ?
  The rest of the steps are performed.
  Is there anything else that has to be taken care of ?
  Thanks in advance.
  Regards,
  Sunil

• Configuring Oc4j 9.0.2 for SSL

  Hi,
  I'm trying to enable oc4j 9.0.2 for SSL communication. I have created the certificate request using the Oracle Wallet Manager and received a signed certificate from CA. I refer my .der file created by OWM in the ssl-config tag-keystore attribute.
  When i start my oc4j server, i receive the following error.
  Error starting HTTP-Server: Unable to intialize SSLServerSocketFactory 'com.evermind.ssl.JSSESSLServerSocketFactory': Invalid keystore format
  If i create a self-signed certificate with keytool, it works fine.
  Can someone help me in this.
  Thanks in advance.

  Hi,
  I found that Oracle Wallet Manager cannot be used with Oc4J-SO. KeyTool should be used instead. However certificates for HTTP server could be configured using the Wallet. It could then be configured to proxy the request to the oc4j using mod ssl. As my requirements are different, i did not try the latter. Hope this info is useful to someone working on a similar issue.
  Thanks.

• How to configure sso with SSL step by step

  Purpose
  In this document, you can learn how to configure SSO with SSL. After user have certificate installed in browser, he can login without input username and password.
  Overview
  In this document we will demonstrate:
  1.     How to configure OHS support SSL
  2.     How to Register SSO with SSL
  3.     Configure SSO for certificates
  Prerequisites
  Before start this document, you should have:
  1.     Oracle AS 10g infrastructure installed (10.1.2)
  2.     OCA installed
  Note:
  1.     “When you install Oracle infrastructure, please make sure you have select OCA.
  2.     How Certificate-Enabled Authentication Works:
  a.     The user tries to access a partner application.
  b.     The partner application redirects the user to the single sign-on server for authentication. As part of this redirection, the browser sends the user's certificate to the login URL of the server (2a). If it is able to verify the certificate, the server returns the user to the requested application.
  c.     The application delivers content. Users whose browsers are configured to prompt for a certificate-store password may only have to present this password once, depending upon how their browser is configured. If they log out and then attempt to access a partner application, the browser passes their certificate to the single sign-on server automatically. This means that they never really log out. To effectively log out, they must close the browser.
  Enable SSL on the Single Sign-On Middle Tier
  The following steps involve configuring the Oracle HTTP Server. Perform them on the single sign-on middle tier. In doing so, keep the following in mind:
  l     You must configure SSL on the computer where the single sign-on middle tier is running.
  l     You are configuring one-way SSL.
  l     You may enable SSL for simple network encryption; PKI authentication is not required. Note though that you must use a valid wallet and server certificate. The default wallet location is ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default.
  1.     Back up the opmn.xml file, found at ORACLE_HOME/opmn/conf
  2.     In opmn.xml, change the value for the start-mode parameter to ssl-enabled. This parameter appears in boldface in the xml tag immediately following.
  <ias-component id="HTTP_Server">
  <process-type id="HTTP_Server" module-id="OHS">
  <module-data>
  <category id="start-parameters">
  <data id="start-mode" value="ssl-enabled"/>
  </category>
  </module-data>
  <process-set id="HTTP_Server" numprocs="1"/>
  </process-type>
  </ias-component>
  3.     Update the distributed cluster management database with the change: ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct opmn
  4.     Reload the modified opmn configuration file:
  ORACLE_HOME/opmn/bin/opmnctl reload
  5.     Keep a non-SSL port active. The External Applications portlet communicates with the single sign-on server over a non-SSL port. The HTTP port is enabled by default. If you have not disabled the port, this step requires no action.
  6.     Apply the rule mod_rewrite to SSL configuration. This step involves modifying the ssl.conf file on the middle-tier computer. The file is at ORACLE_HOME/Apache/Apache/conf. Back up the file before editing it.
  Because the Oracle HTTP Server has to be available over both HTTP and HTTPS, the SSL host must be configured as a virtual host. Add the lines that follow to the SSL Virtual Hosts section of ssl.conf if they are not already there. These lines ensure that the single sign-on login module in OC4J_SECURITY is invoked when a user logs in to the SSL host.
  <VirtualHost ssl_host:port>
  RewriteEngine on
  RewriteOptions inherit
  </VirtualHost>
  Save and close the file.
  7.     Update the distributed cluster management database with the changes:
  ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct ohs
  8.     Restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl startproc process-type=HTTP_Server
  9.     Verify that you have enabled the single sign-on middle tier for SSL by trying to access the OracleAS welcome page, using the format https://host:ssl_port.
  Reconfigure the Identity Management Infrastructure Database
  Change all references of http in single sign-on URLs to https within the identity management infrastructure database. When you change single sign-on URLs in the database, you must also change these URLs in the targets.xml file on the single sign-on middle tier. targets.xml is the configuration file for the various "targets" that Oracle Enterprise Manager monitors. One of these targets is OracleAS Single Sign-On.
  1.     Change Single Sign-On URLs
  Run the ssocfg script, taking care to enter the command on the computer where the single sign-on middle tier is located. Use the following syntax:
  UNIX:
  $ORACLE_HOME/sso/bin/ssocfg.sh protocol host ssl_port
  Windows:
  %ORACLE_HOME%\sso\bin\ssocfg.bat protocol host ssl_port
  In this case, protocol is https. (To change back to HTTP, use http.) The parameter host is the host name, or server name, of the Oracle HTTP listener for the single sign-on server.
  Here is an example:
  ssocfg.sh https login.acme.com 4443
  2. Restart OC4J_SECURITY instance and verify the configuration
  To determine the correct port number, examine the ssl.conf file. Port 4443 is the port number that the OracleAS installer assigns during installation.
  If you run ssocfg successfully, the script returns a status 0. To confirm that you were successful, restart the OC4J_SECURITY instance:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Then try logging in to the single sign-on server at its SSL address:
  https://host:ssl_port/pls/orasso/
       3. Back up the file targets.xml:
  cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.backup
  4. Open the file and find the target type oracle_sso_server. Within this target type, locate and edit the three attributes that you passed to ssocfg:
  ·     HTTPMachine—the server host name
  ·     HTTPPort—the server port number
  ·     HTTPProtocol—the server protocol
  If, for example, you run ssocfg like this:
  ORACLE_HOME/sso/bin/ssocfg.sh http sso.mydomain.com:4443
  Update the three attributes this way:
  <Property NAME="HTTPMachine" VALUE="sso.mydomain.com"/>
  <Property NAME="HTTPPort" VALUE="4443"/>
  <Property NAME="HTTPProtocol" VALUE="HTTPS"/>
  5.Save and close the file.
  6.     Reload the OracleAS console:
       ORACLE_HOME/bin/emctl reload
  7. Issue these two commands:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Registering mod_osso
  1.     This command sequence that follows shows a mod_osso instance being reregistered with the single sign-on server.
  $ORACLE_HOME/sso/bin/ssoreg.sh
       -oracle_home_path $ORACLE_HOME
       -config_mod_osso TRUE
       -mod_osso_url https://myhost.mydomain.com:4443
  2.     Restarting the Oracle HTTP Server
  After running ssoreg, restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  Configuring the Single Sign-On System for Certificates
  1.     Configure policy.properties with the Default Authentication Plugin
  Update the DefaultAuthLevel section of the policy.properties file with the correct authentication level for certificate sign-on. This file is at ORACLE_HOME/sso/conf. Set the default authentication level to this value:
  DefaultAuthLevel = MediumHighSecurity
  Then, in the Authentication plugins section, pair this authentication level with the default authentication plugin:
  MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
  2.     Restart the Single Sign-On Middle Tier
  After configuring the server, restart the middle tier:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Bringing the SSO Users to OCA User Certificate Request URL
  The OCA server reduces the administrative and maintenance cost of provisioning a user certificate. The OCA server achieves this by authenticating users by using OracleAS SSO server authentication. All users who have an Oracle AS SSO server account can directly get a certificate by using the OCA user interface. This reduces the time normoally requidred to provision a certificate by a certificate authority.
  The URL for the SSO certificate Request is:
  https://<Oracle_HTTP_host>:<oca_ssl_port>/oca/sso_oca_link
  You can configure OCA to provide the user certificate request interface URL to SSO server for display whenever SSO is not using a sertificate to authenticate a user. After the OracleAS SSO server authenticates a user, it then display the OCA screen enabling that user to request a certificate.
  To link the OCA server to OracleAS SSO server, use the following command:
  ocactl linksso
  opmnctl stoproc type=oc4j instancename=oca
  opmnctl startproc type=oc4j instancename=oca
  You also can use ocactl unlinksso to unlink the OCA to SSO.

  I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
  The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
  on a URL that looks like this :
  http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  and gives the error :
  ( Forbidden
  You don't have permisission to access /sso/auth on this server at port 7777)
  when I manually change the URL to :
  https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  the SSO works correctly.
  The question is :
  How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
  Any ideas ?
  Thanks in advance

• Can port 25 be used for SSL-enable SMTP server ?

  Hi,
  Our customer is using port 25 for a SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception thrown:
  DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
  1) with port 25, got the same exception as above;
  2) with port 465, worked fine;
  3) with any other randomly pick up valid port, worked fine.
  This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
  Your help will be appreciated.

  Yes, port 25 is intended for non-SSL servers only, although that doesn't
  prevent a client from making a plain text connection and then using the
  STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
  supports that usage.
  You can configure JavaMail to use port 25 for SSL connections if you
  really want to. JavaMail 1.3.x requires you configure an appropriate
  socket factory to get SSL connections; you can configure whatever port
  you want for use with that socket factory.

• How to set the Certifcate to use for SSL when more than one available?

  I apologise for bad wording of question.
  We have a 11g Directory Server and when we created the directory instance it generated a self-signed certificate. very nice.
  We have recently requested and installed a CA signed certifcate, so we now have TWO certificates in the directory certificate store. Default Certificate and the new Server-Cert (the CA signed one)
  LDAP clients STILL seem to be presented with the self-sgned certificate though.
  Simple question... how do I make my Server-Cert the 'default' certificate presented to LDAP clients ???
  I would rather not delete the self-signed cert if possible.
  I cant find any documented method to achieve this.

  # Listing Certificate
  $ /certutil -L -d <path>/slapd-abc/alias -P slapd-
  # Add Trust by adding CT
  $ certutil -M -n "GeoTrust DV SSL CA" -t CT,, -d <path>/slapd-abc/alias -P slapd-
  # Verify the setup.
  $ certutil -L -d <path>/slapd-abc/alias -P slapd-
  ( You should see the CT beside the relevant cerficate, making it default for SSL communication )
  GeoTrust DV SSL CA CT,,
  Link : http://docs.oracle.com/cd/E19656-01/821-1504/6nmg10b6g/index.html ( Look around for different steps for configuring SSL )
  JPrince

• Configuring mod_wl_ohs for OHS to weblogic

  Hello,
  I'm trying to configure SSL between OHS and a weblogic application server. I've been through various docs and threads, but cannot seem to find the answer to the problem. I can pull up a ssl page on the app server itself, and see that it's secure and using the certificate (https://appserver:7002). SSL works fine from a client to the OHS server as well.
  In httpd.conf on OHS server:
  <VirtualHost <myip>:443>
  ServerName ohsserver
  DocumentRoot "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/htdocs"
  DirectoryIndex index.html
  <IfModule ossl_module>
  SSLEngine on
  SSLProtocol nzos_Version_3_0
  SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  SSLVerifyClient none
  SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/ohs_wallet"
  SSLCRLCheck Off
  </IfModule>
  ServerAdmin web@mydomain
  <IfModule weblogic_module>
  WebLogicHost appserver
  MatchExpression /go
  WLLogFile /tmp/wlproxy_ssl.log
  Debug ALL
  DynamicServerList Off
  WebLogicPort 7002
  SecureProxy On
  WLSSLWallet "$(ORACLE_INSTANCE)/config/OHS/ohs1/keystores/ohs_wallet"
  </IfModule>
  </VirtualHost>
  I've imported the appserver certificate into the ohs_wallet (my ssl wallet).
  I see this in the wlproxy_ssl.log file (i replace ips with <myip>):
  Thu Aug 12 01:13:13 2010 <2806212815755931> INFO: SSL is configured
  Thu Aug 12 01:13:13 2010 <2806212815755931> Using Uri /go/here.jsp
  Thu Aug 12 01:13:13 2010 <2806212815755931> After trimming path: '/go/here.jsp'
  Thu Aug 12 01:13:13 2010 <2806212815755931> The final request string is '/go/here.jsp'
  Thu Aug 12 01:13:13 2010 <2806212815755931> parseServerList: Socket Address hostnames 'appserver:7002'
  Thu Aug 12 01:13:13 2010 <2806212815755931> Host extracted from serverlist is [appserver]
  Thu Aug 12 01:13:13 2010 <2806212815755931> parseServerList: IP from socket Address [<myip>]
  Thu Aug 12 01:13:13 2010 <2806212815755931> Initializing lastIndex=0 for a list of length=1
  Thu Aug 12 01:13:13 2010 <2806212815755931> getListNode: created a new server node: id='appserver:7002' server_name='ohsserver', port='443'
  Thu Aug 12 01:13:13 2010 <2806212815755931> attempt #0 out of a max of 5
  Thu Aug 12 01:13:13 2010 <2806212815755931> Trying a pooled connection for '<myip>/7002/7002'
  Thu Aug 12 01:13:13 2010 <2806212815755931> getPooledConn: found a host and port/securePort match
  Thu Aug 12 01:13:13 2010 <2806212815755931> getPooledConn: No more connections in the pool for Host[<myip>] Port[7002] SecurePort[7002]
  Thu Aug 12 01:13:13 2010 <2806212815755931> general list: trying connect to '<myip>'/7002/7002 at line 3188 for '/go/here.jsp'
  Thu Aug 12 01:13:13 2010 <2806212815755931> SSL is not configured for this connection
  Thu Aug 12 01:13:13 2010 <2806212815755931> Local Port of the socket is 55262
  Thu Aug 12 01:13:13 2010 <2806212815755931> Remote Host <myip> Remote Port 7002
  Thu Aug 12 01:13:13 2010 <2806212815755931> URL::connect SSLConn for reader is not set as it is NULL
  It worked with non-ssl requests, but for ssl requests I get the error:
  Failure of server APACHE bridge:
  No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
  Any help is appreciated!

  Thanks for the reply!
  Yes, I created a custom identity and trust keystores using keytool. I added the root and intermediate CAs in both of those and then imported the certificate I received from the intermediate CA into the identity store.
  All I get from the OHS access log is a 503 status when I try to access something on the app server.
  Here's what I get on the app server log:
  ####<Aug 16, 2010 12:50:09 PM GMT+00:00> <Warning> <Security> <my name> <app_server> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1281963009359> <BEA-090475> <Plaintext data for protocol HTTP was received from peer <my ohs server> - <my ip> instead of an SSL handshake.>
  I looked up this error, and it says to add SecureProxy to the configuration...but I already added that!
  Thanks for the help

• Using HttpSupport library for SSL with User Id/Password

  Does anybody know how to use UDS HttpSupport library for SSL connection which requires user id and password?
  Got no problem so far in getting pages using https and HttpBaseRequest but can't figure out how to setup user id and password for logging in to server. Have tried https://userid:password@server/... but UDS treated password@server as the port!
  Any help is appreciated.

  I assume you mean that you need to provide the password needed for a certificate for SSL authentication.
  For both client and server, these are configuration items.
  If you want to do HTTP authorization, which is not related to SSL, you should use the Authorization and WWW-Authenticate (in a 401 response) to get a user name and password to the server.

• Up gradation Issues from 11.1.2.1 to 11.1.2.2 especially for SSL envrionmen

  Hi All,
  We are going for an up gradation from Hyperion 11.1.2.1 to Hyperion 11.1.2.2. All the products configured with SSL. I would like to know whether is there an impact in SSL configuration or not.
  Products Installed in Hyperion 11.1.2.1 in Distributed Environment
  Hyperion Planning
  HFM
  FR
  Thanks

  If you are configuring EPM System products for SSL, the configuration sequence and selections that you make during configuration depend on the type of SSL implementation you choose.
  http://docs.oracle.com/cd/E17236_01/epm.1112/epm_security_1112200.pdf

• Configuring Keystore for clusted WL 10.3 (OSB).

  In one of test env i have weblogic 10.3 (OSB) Admin with 6 managed servers. In order to configure one way SSL,Do we need to configure keystore (Identity&Trust) only for admin or for all managed servers individually?
  help is much appriciated.
  Regards,
  Sreepad

  But configuring keystore in weblogic console is more like deploying any app, so doing it on admin wiil not help? Where did you see that? It is not correct. Configuring keystore is a part of Weblogic configuration and it is not a deployment. Moreover, each and every server has it's own configuration so you have to mention the keystore path in all server's config, however you may use same keystore for all the servers.
  Remember, in clustered deployment, OSB gets deployed on the cluster and not on admin server.
  also can we use WLST for configurng keystore?I think we can create and configure complete domain itself using WLST, so this will also be possible.
  Regards,
  Anuj

• IPhone Config Utility 1.1 for Windows:  Cert Chooser not working for SSL

  I have installed the iPhone Configuration Utility for Windows 1.1 and I cannot add SSL certificates into Configuration Profiles. The Certificate Chooser opens, but there is no way for me to add an SSL certificate. Blank list and no button to browse or add a certificate.
  Any solutions to this? Has anyone else seen this? I have tried repairing the installation, and uninstalling/reinstalling the application to no avail.
  Sorry to open a new post for a supposedly closed topic, but the old thread does not contain any real answer...just an 'I fixed it myself' post with no description of the solution.

  Hi Aaron,
  Did you open a TAC case for this?
  Escalations team found a problem with the format of the xml file in a very similar issue reported in a TAC case. The format needs to be as below:
  <?xml version="1.0" encoding="utf-8"?>
  9905
  9.0.3
  http://server.domain.com/update/CiscoJabberSetup.msi
  or just:
  9905
  9.0.3
  http://server.domain.com/update/CiscoJabberSetup.msi
  Thanks,
  Maqsood

• ACE Best Sticky Method for SSL Traffic

  Hi, With ACE 4710 running serverfarms primarily running SSL traffic, what is the best method for configuring stickiness. Here are some parameters:
  1) low volume sites, 2 real servers
  2) ACE _will not_ do SSL offloading
  3) Balancing HTTPS requests
  4) Many versions of HTTP clients
  5) Currently running ACE A1 code
  I am thinking of:
  1) TCP Header | HostID inspection
  2) SSL-session ID (not good if re-key often though)
  3) Any suggestions?
  many thx,
  WR

  Hi Will,
  You can see a comple configured example for your perusal in this regard for
  Configure ACE Module for End to End SSL Termination
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
  And Many more here regarding
  Data Center Application Services Configuration Examples:
  http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples
  Hope these configuration examples will be useful to you.
  Sachin Garg

• For SSL program code

  hi dear to all
  i am new to http tunneling.
  i want to know how should i confignure the SSL between the webserver to database server. because i want to send/receiver the data from database. i want to know how should i configure the ssl in sever? is there any options for that? what r the softwares required for that? if it is not possible manually if write the code for SSL ; is it possible to keep between server and database. if u have the code please provide me.
  thank u
  regards
  krishna

  hi, that error got solved, the SessID i was receiving in that code had some leading or trailing white spaces. so SessID = SessID.trim() did the job.
  But i have a question. This program workd fine when i compile and run from my local system. But when i port this on to the oracle server (JAVA_TOP) and access this from a JSP, then the program performs very un-reliably.
  The first data transfer works fine, i get the SessID, when i pass that SessID along with the DTSSessionID to the server, the server says that i doesn't recognise my SessID, and throws a client.Authentication Error.
  So there goes the parsing out of the window for the data in the second iteration.

• Error: The chosen certificate was not exported and cannot be used for SSL

  Hello there,
  when I try to configure the profilemanager in OS X Server and it comes to choose a certificate i get the following message:
  The chosen certificate cannot be used.
  The chosen certificate was not exported and cannot be used for SSL.
  I chose our Wildcard certificate we received from Thawte.
  It is completely imported in the Keychain from the Mac.
  (Sorry if any sentence is wrong, I translated it from german to english)
  Best regards,
  Christoph

  Is this a regular web ssl cert or a code signing cert?