Connect DTR by SSL

Hi all,
I have some questions about connecting to DTR by SSL.
Firstly, can the DTR command line tool connect to DTR by SSL? I tried but got the following errors:
====================================================
>Connecting to client "DTR_HTTPS"
Ping on server https://192.168.3.6:50101/dtr/ failed (maybe server not available) - Unable to open connection.failed to retrieve SSL socket [SSL provider does not support certificates]..
The server https://192.168.3.6:50101/dtr/ is unavailable
The server https://192.168.3.6:50101/dtr/ is unavailable
>Initialization Failed.
====================================================
Secondly, has anyone successfully connected to DTR in NWDS by SSL? I tried but got the following errors:
====================================================
Ping on server https://192.168.3.6:50101/dtr/ failed (maybe server not available) - Unable to open SSL connection to host "192.168.3.6:50101". Peer sent alert: Alert Fatal: handshake failure..
Failed to log in (status: -1) on server https://192.168.3.6:50101/dtr/
====================================================
I can access DTR using IE through SSL, that is, by opening the link https://192.168.3.6:50101/dtr/, but I fail to access it via the DTR command line and NWDS.
Hope someone can help.
Thanks & Regards,
Kelvin

Hi Kelvin,
Did you get this problem solved? I am also getting this problem now. Could you please let me know if you have solved this issue already?
Thanks
Prem

Similar Messages

  • ODSM unable to connect to OVD SSL admin port

    Hi,
    I have installed ODSM 11g on middleware server. OVD 11 is installed on a separate server.
    OVD is up and running.
    When I try to connect to the OVD SSL admin port using ODSM I am getting the ODSM-00007 error.
    ODSM-00007: SSL connection failed.
    Cause: You may not have provided valid SSL port number and host. Or ODSM may not be able to read its trust store or may not have access to Credential Store Framework. Refer exception to find actual cause.
    Action: Ensure that you have provided valid SSL port number and host details. Ensure that ODSM has access to Credential Store Framework and is able to read its trust store.
    Level: 1
    This is the error I am seeing in the log file:
    java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=ODSMMap,keyName=ODSMKey.Wallet read)
         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
         at java.security.AccessController.checkPermission(AccessController.java:546)
         at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:378)
         at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:438)
         at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:460)
         at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:579)
         at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getCredential(SspCredentialStore.java:410)
         at oracle.ldap.odsm.ui.common.Login$1.run(Login.java:696)
         at oracle.ldap.odsm.ui.common.Login$1.run(Login.java:693)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.ldap.odsm.ui.common.Login.getTrustWalletPwd(Login.java:691)
         at oracle.ldap.odsm.ui.common.Login.createTrustConnection(Login.java:773)
         at oracle.ldap.odsm.ui.common.Login.saveChanges(Login.java:211)
         at sun.reflect.GeneratedMethodAccessor230.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.sun.el.parser.AstValue.invoke(AstValue.java:157)
         at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
         at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53)
         at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1259)
         at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:812)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:292)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
         at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:97)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
         at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
         at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Any ideas?
    Ramnath

    Nothing to do with LOOKUP
    try below
    1. Let Provisioning happen as it is
    2. Open Create user task
    3. attach "Disable User" task on SUCCESS response of Create user.
    this will do your job
    else use useraccesscontrol=514 or 2. for this you need to add extra field to process form and add another task in the process definition
    regards,
    nayan
    Edited by: Nishith Nayan on Jan 31, 2012 10:51 PM

  • Configure the ADMIN and CLUSTER service connections to be SSL

    Can you configure the ADMIN and CLUSTER service connections to be SSL
    rather than tcp?
    I was wondering about the present or future ability to secure other
    connection services with SSL. Can you now or are there future plans
    to configure the ADMIN and CLUSTER service connections to be SSL
    rather than tcp? I suppose I should add the PORTMAPPER to that list.
    My primary interest is for an SSLCLUSTER service in the case where
    two brokers are connected over a non-trusted network. It may
    not be too difficult to secure all the services the same way, but
    perhaps that is on the TODO list.
    A related question is if there are plans to add SSL with client
    authentication as a stronger authentication mechanism than 'simple'
    username and password. I believe you could get the username from
    the client certificate's DN and continue to use the same LDAP user
    repository for access control. I think this is similar to the way
    that BEA's Weblogic server does it.
    Finally should it be possible to deploy the HTTP tunnel servlet to
    a webserver (such as iPlanet Web Server) configured to do SSL with
    client authentication as a work-around to get stronger authentication
    with the current release of the product? Or am I perhaps missing some
    obvious and important detail? :) I guess I would like to know it's been
    done already or is at least possible before I try and do it myself.

    3 scenarios involving SSL are:
    1: JMS client <------- SSL -------> iMQ broker
    2: iMQ admin <------- SSL -------> iMQ broker
    3: iMQ broker <------- SSL -------> iMQ broker (i.e clusters)
    (1) is currently supported in iMQ 2.0
    (2) and (3) is not supported in iMQ 2.0. No concrete plans yet to support
    it in the near future but we'll definitely consider doing it if we
    hear a lot of demand for it.
    ]A related question is if there are plans to add SSL with client
    ]authentication as a stronger authentication mechanism than 'simple'
    ]username and password. I believe you could get the username from
    ]the client certificate's DN and continue to use the same LDAP user
    ]repository for access control. I think this is similar to the way
    ]that BEA's Weblogic server does it.
    This is on our todo list, but due to other more pressing issues we
    have not been able to address it. We will continue to keep it
    on our potential list of new features.
    Sorry if I sound pretty wishy-washy in my responses above, but the fact
    is that the things you mentioned above had to take a backseat
    to other more critical features. That and the usual time/resource
    constraints caused them not to be implemented.
    ]Finally should it be possible to deploy the HTTP tunnel servlet to
    ]a webserver (such as iPlanet Web Server) configured to do SSL with
    ]client authentication as a work-around to get stronger authentication
    ]with the current release of the product? Or am I perhaps missing some
    ]obvious and important detail? :) I guess I would like to know it's been
    ]done already or is at least possible before I try and do it myself.
    Yes, this should be possible (although I don't believe we've tried it here).
    The client authentication here is really only between the JMS client and the
    web server (not between the tunnel servlet and the iMQ broker) and should
    be similar in setup to any other java application talking to iPlanet Web
    Server.

  • I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server.

    I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server. No idea how to do anymore. Already tried to figure out. But not work. Can anyone pls help me?

    Nope, doesn't pass verification. I get the spinner for a minute or so, then the alert about setting it up without SSL. Are you suggesting I disable Fetch and Push BEFORE I enter the account details? Because I never get past the account details screen, unless I choose "Set up without SSL" after the warning.

  • Cannot connect using webserviceclient+ssl.jar

    Hello!
    I installed Verisign test certificate on my server and I am able to connect
    to the server using Web Service client with JSSE adapter class. Funnily
    enough, I cannot connect using WebLogic SSL library, I get an exception.
    Could someone help me understand, why I cannot connect using WebLogic SSL
    implementation?
    To connect using JSSE I use following system properties:
    java^
    -classpath .;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.jar;..\lib\jsse.jar;^
    -Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.ABCJSSEAdapter^
    -Djavax.net.ssl.trustStore=abc.keystore^
    -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
    Client https://MyServer:7002/webservice/ABCConnectService?WSDL
    where abcconnect-client.jar is the client jar file, and abc.keystore
    contains getcacert.cer root CA, which I downloaded from Verisign from this
    page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
    ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
    works fine.
    To connect using WebLogic SSL implementation I use following system
    properties:
    java^
    -classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
    -Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
    -Dweblogic.webservice.client.ssl.strictcertchecking=false^
    -Dweblogic.webservice.security.verbose=true^
    -Dweblogic.webservice.client.verbose=true^
    -Dbea.home=.^
    -Djava.protocol.handler.pkgs=com.certicom.net.ssl^
    Client https://MyServer:7002/webservice/ABCConnectService?WSDL
    I converted binary format of the certificate to PEM, but it did not help.
    I am getting this exception:
    [BaseWLSSLAdapter] : SSLAdapter verbose output enabled
    [BaseWLSSLAdapter] : Strict cert checking disabled by default
    [BaseWLSSLAdapter] : Trusted certificates will be loaded from getcacert.cer
    [BaseWLSSLAdapter] : Loaded local trusted certificates from java.io.FileInputStream@73a7ab
    [BaseWLSSLAdapter] : Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@4faf8
    [BaseWLSSLAdapter] : Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
    [WLSSLAdapter] : Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
    [BaseWLSSLAdapter] : Loaded local trusted certificates from java.io.FileInputStream@57c2bd
    [BaseWLSSLAdapter] : Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@323210
    [BaseWLSSLAdapter] : Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
    [WLSSLAdapter] : Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
    [BaseWLSSLAdapter] : Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
    [WLSSLAdapter] : openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL) returning weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/webservice/ABCConnectService?WSDL
    [WLSSLAdapter] : -- using HostnameVerifier weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
    [WLSSLAdapter] : -- loaded certs from getcacert.cer
    java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
    at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown Source)
    at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLConnection.java:216)
    at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:71)
    at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
    at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:106)
    at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:82)
    at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
    at Client.main(Client.java:136)

    Michael,
    I guess the getcacert.cer, which is on the client side, should have the
    server's certificate followed by the root CA certificate in .pem format.
    I have it working with this format.
    Could you please try this out and let us know.
    Regards,
    Anurag
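A check for the trust-file layout suggested in the reply above (server certificate first, then the root CA, PEM-encoded), as an added example that is not WebLogic code or code from the thread. It compares issuer and subject names only and does not verify signatures; the two sample certificates are unsigned skeletons constructed in the block, and `Example Test Root CA` is a placeholder name.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: low 7 bits count the length bytes
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def issuer_and_subject(der):
    """Raw issuer and subject Name encodings from one DER certificate."""
    tag, start, _ = read_tlv(der, 0)                # Certificate SEQUENCE
    tbs_tag, pos, tbs_end = read_tlv(der, start)    # tbsCertificate SEQUENCE
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not an X.509 certificate")
    fields = []
    while pos < tbs_end and len(fields) < 5:
        field_tag, _, end = read_tlv(der, pos)
        if field_tag != 0xA0:                       # skip the optional [0] version
            fields.append(der[pos:end])
        pos = end
    if len(fields) < 5:
        raise ValueError("tbsCertificate too short")
    # Order after version: serial, signature algorithm, issuer, validity, subject
    return fields[2], fields[4]


def check_bundle(pem_text):
    """List ordering problems in a PEM trust file; an empty list means leaf-to-root order."""
    certs = [issuer_and_subject(base64.b64decode("".join(body.split())))
             for body in PEM_RE.findall(pem_text)]
    if not certs:
        return ["no PEM certificates found (the file may still be binary DER)"]
    problems = []
    first_self_issued = certs[0][0] == certs[0][1]
    if len(certs) == 1 and first_self_issued:
        problems.append("only a root CA is present; the server certificate is missing")
    if len(certs) > 1 and first_self_issued:
        problems.append("first certificate is self-issued; the CA precedes the server certificate")
    for i in range(len(certs) - 1):
        if certs[i][0] != certs[i + 1][1]:
            problems.append(f"certificate {i} is not issued by certificate {i + 1}")
    if certs[-1][0] != certs[-1][1]:
        problems.append("last certificate is not self-issued; the root CA is missing")
    return problems


# --- constructed sample data: unsigned certificate skeletons, names only ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body   # every sample element is under 128 bytes


def name(common_name):
    oid_cn = tlv(0x06, bytes([0x55, 0x04, 0x03]))    # id-at-commonName (2.5.4.3)
    return tlv(0x30, tlv(0x31, tlv(0x30, oid_cn + tlv(0x0C, common_name.encode()))))


def skeleton_pem(subject, issuer, serial):
    empty = tlv(0x30, b"")                           # stand-in for fields not examined
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + empty + name(issuer) + empty + name(subject) + empty)
    der = tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")


ROOT_PEM = skeleton_pem("Example Test Root CA", "Example Test Root CA", 1)
LEAF_PEM = skeleton_pem("MyServer", "Example Test Root CA", 2)

if __name__ == "__main__":
    for label, bundle in [("leaf+root", LEAF_PEM + ROOT_PEM),
                          ("root+leaf", ROOT_PEM + LEAF_PEM),
                          ("root only", ROOT_PEM)]:
        print(label, check_bundle(bundle) or "ok")
```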

  • Lync front end connectivity test fails (SSL certificate / URL problem)

    We have a weird problem in our installation where Lync keeps complaining about connectivity issues to external reach proxy on our front end server.
    The event log error codes are 41024 and 41026.
    Here's the error from the snooper utility: 
    TL_ERROR(TF_COMPONENT) [0]1A14.0EE4::12/12/2014-10:31:30.901.0000000d (DataMCURunTime,DataProxies.ProcessResponse:1197.idx(601))
    (0000000001595A27)Failed poking Proxy error=[The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.], type=[ExternalReachProxy], url=[https://dunords36.du.local:4443/Reach/DataCollaborationRelayWebService.svc]
    The problem is that it makes the test with the INTERNAL FQDN (dunords36.du.local) and thus the SSL trust fails as the certificate is for our EXTERNAL FQDN on the front end server! I have verified this by testing the above URL with the external address and the internal one. With the external one the certificate is OK.
    If you're wondering; we do not use a reverse proxy. Instead we just have the firewall change the port and forward the traffic to our front end server. Our Lync setup is a NAT'ed setup.
    I know about the security risks so this is not what the discussion is about.
    I can't find anywhere where I can change the above behaviour and tell Lync to make the test on the correct, external FQDN. The settings in the topology builder all seem to be OK. And as you can see it does make the test on port 4443 which in our topology builder is configured for our external FQDN.

    Hi,
    Would you please elaborate your Lync Server environment (Standard Edition or Enterprise Edition)?
    Please double check if you enter the correct external base URL on Lync Topology.
    Please also check whether the SAN of the FE Server certificate is correct.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • JDeveloper fails to connect after enabling SSL Listen Port

    Hi,
    When I activate SSL on port 8002 (SSL Listen Port Enabled) for my soa_server in weblogic console, JDeveloper fails to connect to the server when deploying.
    SOA server lookup takes a long time and ends in an error: failed to connect to <server>:8002
    When I turn off SSL JDev can find the SOA server again.
    I use JDeveloper 11.1.1.4 and SOA Suite 11.1.1.4
    What can I do about this?
    Groeten,
    HJH

    Here's the top 3 causes for this:
    (1) make sure the database listener is running on the server with the database.
    (2) make sure the connection information that JDeveloper is using is correct.
    (3) remember that JDeveloper uses the SID and not the service name.
    Rob
    Team JDev

  • Help required in connecting to Implicit SSL FTP server

    Hi,
    I am working on a scenario of File to Idoc.
    Here the File server (FTP server) is using the Implicit SSL protocol which is not supported by PI.
    Hence, we thought of using the scripts for this.
    Using Script we will move the file from the FTP server to the PI directory & then using NFS protocol in channel, PI will read the file.
    Here my query is, is it possible to go for such a design in case of Implicit SSL?
    If yes, please let me know how it can be achieved.
    I am referring the below blog of writing the scripts in case of SSH protocol:
    /people/daniel.graversen/blog/2008/12/11/sftp-with-pi-the-openssh-way
    Please let me know if any such blog/material is available for Implicit SSL protocol as well.
    Your help is highly appreciated.
    -Supriya.

    have you tried calling from ABAP ?
    Connect FTP Server through R/3
    There is something called SAP cryptographic kit which you need to install ,please check this link I am not sure
    File has to pass through FTPS connection.. Connection parameters?
    Port for Implicit SSL is 990
    regards
    Ninad

  • Unable to connect to internal SSL sites with unknown CA's after 36.0 update.

    Last week my browser auto-updated to version 36.0 and I am now no longer able to connect to certain internal corporate websites. These sites either have self-signed certs, or certs signed by an internal CA. They do not use certs signed by publicly known "trusted" CA's.
    For example, one of the errors that I receive is below:
    Secure Connection Failed
    An error occurred during a connection to [HOST]:[PORT]. SSL peer rejected a handshake message for unacceptable content. (Error code: ssl_error_illegal_parameter_alert)
    Although a warning message is received in IE or Chrome we are given the option to proceed and the site opens correctly, despite those browsers also indicating that the servers cert is not trusted.
    I have added the internal CA's cert to the Authorities tab in the Firefox Certificate Manager, but am still not able to connect to the internal site.
    Firefox allows me to accept some incorrect certs (or at least it did in the past), why is this not the default behavior with *all* certificate related problems? I realize that there are malicious sites out there, but there are also internal ones that are being blocked as well. Is there a config option that can be set so a user is prompted for all cert errors and they can decide to proceed if desired instead of just being blocked from the site? I understand blocking by default, but there also needs to be a way to proceed for advanced users.
    Are there any configuration options to loosen the cert standards for sites? All other sites seem to load properly and otherwise there are no problems with the browser.
    Sorry if this is the wrong place to post, I wasn't sure where to.
    Thanks for any assistance!
    -Beaty

    First, sorry for the delay in responding, things have been crazy here lately.
    Secondly, here is the output from openSSL for connecting to the server:
    OpenSSL> s_client -connect qrsa01.qnao.net:443
    Loading 'screen' into random state - done
    CONNECTED(00000180)
    depth=1 CN = RSA root CA for qrsa01.qnao.net, serialNumber = 15702a01a563d5b8f2b
    a65250ad81947eef537554eae2320efed2159a8193bd5
    verify error:num=19:self signed certificate in certificate chain
    Certificate chain
    0 s:/CN=qrsa01.qnao.net/serialNumber=3b444eeb8355fb2b5b686d03ce1c0a61cd3552a184
    001b9564700f7cebcbe9f0
    i:/CN=RSA root CA for qrsa01.qnao.net/serialNumber=15702a01a563d5b8f2ba65250a
    d81947eef537554eae2320efed2159a8193bd5
    1 s:/CN=RSA root CA for qrsa01.qnao.net/serialNumber=15702a01a563d5b8f2ba65250a
    d81947eef537554eae2320efed2159a8193bd5
    i:/CN=RSA root CA for qrsa01.qnao.net/serialNumber=15702a01a563d5b8f2ba65250a
    d81947eef537554eae2320efed2159a8193bd5
    Server certificate
    subject=/CN=qrsa01.qnao.net/serialNumber=3b444eeb8355fb2b5b686d03ce1c0a61cd3552a
    184001b9564700f7cebcbe9f0
    issuer=/CN=RSA root CA for qrsa01.qnao.net/serialNumber=15702a01a563d5b8f2ba6525
    0ad81947eef537554eae2320efed2159a8193bd5
    No client certificate CA names sent
    SSL handshake has read 1948 bytes and written 675 bytes
    New, TLSv1/SSLv3, Cipher is RC4-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : RC4-SHA
    Session-ID: 550194FCFA9BE4A1060430A13EBA67B9EBD793485253412053534C4A20202020
    Session-ID-ctx:
    Master-Key: F1FD3AB4846FBC14D35EB7BBAFF8704821940DDE5A0549519A0AFF2EC8CAF245
    08DCAA6D4F9FB1D125664FC7BFE87E95
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1426167036
    Timeout : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
    read:errno=0
    OpenSSL>
    I had already set the tls.security.version.min to 0, so would have expected to be able to connect.
    At this point it seems like the problem is that we are using an internal CA to sign the cert for this server, but Firefox won't allow me to proceed despite this. Is there an option that I can set to have Firefox prompt on all certificate issues and give me the option to proceed anyway?
    Any other thoughts/suggestions?

  • iHat: connecting to an SSL-enabled opmn notification server

    I'm having trouble connecting iHat to an app server
    instance, where the opmn.xml file contains
    <notification-server>
    <port local="6100" remote="6200" request="6003"/>
    <log-file path="$ORACLE_HOME/opmn/logs/ons.log" level="4" rotation-size="1500000"/>
    <ssl enabled="true" wallet-file="$ORACLE_HOME/opmn/conf/ssl.wlt/default"/>
    </notification-server>
    In the ons.log I get errors
    ... :6200 SSL handshake failed
    Has anyone had any success working around this problem?
    Thanks
    - Charles Poulsen

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    * Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
    "Remove Cookies" from sites causing problems:
    * Tools > Options > Privacy > Cookies: "Show Cookies"

  • How to connect LDAP through SSL

    Hi,
    I had successfully configured iDS4.1 to be a Naming Information Server,
    and I applied a Test cert to it which was generated from Verisign. Now I
    would like to let all LDAP clients connect to my LDAP server through the
    encryption port 636, what should I do?
    Thanks
    Matthew

    Matthew Cheung wrote:
    > I had successfully configured iDS4.1 to be a Naming Information Server,
    > and I applied a Test cert to it which was generated from Verisign. Now I
    > would like to let all LDAP clients connect to my LDAP server through the
    > encryption port 636, what should I do?
    When you want to connect to LDAP via SSL the server sends his
    certificate to the client. The client then wants to verify this cert and
    therefore he needs the certificate of the issuer of the server cert. If
    the verification fails (e.g. the issuer cert is missing, no longer valid,
    revoked or not trusted) the client refuses the connection to the server.
    So all your clients need the certificate of the issuer of your Test
    cert. In your case insert the Verisign certificate into your LDAP
    Clients as a trusted CA certificate. Then configure your clients to use
    a secure connection with host = your.ldap.host and port = 636 (or
    whatever port you use for encrypted connections). You also need the
    baseDN and maybe a bindDN and password.
    Armin Wenz
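
Added example, not part of the original thread: the issuer check described in the reply above, reproduced offline with the openssl CLI on a throwaway CA. The CA names, the host name ldap.example.test and the helper function names are assumptions made for this demonstration.

```bash
#!/bin/sh
# Added example. Every key, certificate and name below is constructed test data.

# Create a self-signed root CA named "$2" inside directory "$1".
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a server certificate for host "$3", signed by CA "$2", in directory "$1".
issue_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# What a verifying client does with the certificate the server sends:
# prints "accept" if "$1" chains to a CA in trust file "$2",
# otherwise "refuse: <first openssl verification error>".
client_decision() {
  local out
  if out=$(openssl verify -CAfile "$2" "$1" 2>&1); then
    echo "accept"
  else
    echo "refuse: $(printf '%s\n' "$out" | grep -m1 -o 'error [0-9]* .*')"
  fi
}

# Same server certificate, two clients: one has the issuer installed as a
# trusted CA, the other only trusts an unrelated CA.
demo() {
  local d
  d=$(mktemp -d) || return 1
  make_ca "$d" issuing-ca && make_ca "$d" other-ca &&
    issue_server_cert "$d" issuing-ca ldap.example.test || { rm -rf "$d"; return 1; }
  echo "issuer installed: $(client_decision "$d/server.pem" "$d/issuing-ca.pem")"
  echo "issuer missing:   $(client_decision "$d/server.pem" "$d/other-ca.pem")"
  rm -rf "$d"
}

demo
```

Against a live directory server the same trust file is what gets passed to `openssl s_client -connect your.ldap.host:636 -CAfile ...`, where a trusted chain reports verify return code 0.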

  • Cfhttp connection failed on SSL

    I'm running CF 9 Ent using JVM 1.6.0_14.
    We had a credit card processor API that was working fine until this weekend when they updated their SSL certificate. Then we started getting the connection failed message. So I went in and got a copy of their .cer file and I imported it into the KeyStore using the keytool. I rebooted the VM and the CFHTTP works for about 5 minutes then starts giving the Connection Failure message again. The URL comes up fine in a browser on the desktop of the VM. I'm at a loss as to what to do now. The places online where I see people having this issue they all claim an import of the keyfile fixes it. You would think it would work fine all the time or not at all. Makes no sense why it works for a little bit after a reboot then doesn't work again all of a sudden. Anybody got any suggestions?

  • Error message: Cannot connect. Secure connection needed, enable SSL 3.0 and TLS

    Error message "We cannot complete your iTunes request. A secure internet connection cannot be determined. Be sure to enable SSL 3.0 or TLS 1.0 in the internet options control panel." I did NOTHING different to my computer. One day I could purchase songs from iTunes and 4 days later I couldn't. I've checked all things that discussion boards and technical support have suggested and nothing works. Enabled SSL 3.0 and TLS 1.0, turned off firewall, authorized my computer, blah, blah...
    Not only can't I purchase songs but when I plug in my iPod to shuffle or change playlists, the error messages tell me I will lose many of my songs if I don't authorize my account. Then, back to the problem of it looping me through error messages.

    You don't really need to do anything, as the handshake will fall back to SSLv3 if either end can't speak TLS.
    However if you want to enforce SSLv3 and nothing else (e.g. SSLv2) you could remove TLSv1 from the enabledProtocols of the SSLSocket (or SSLServerSocket if you're writing a server). You should also remove SSLv2 at the same time IMHO as it is insecure.
    Alternatively, if you're using SSLContexts, do SSLContext.getInstance("SSLv3") and get your SSLSocketFactory from the result; see http://java.sun.com/j2se/1.4.1/docs/guide/security/jsse/JSSERefGuide.html#AppA.
    EJP

  • Confirming connections are over ssl - OAS - advanced security

    I have both SSL encrypted, via OAS, and non-SSL connection support configured. During a transition time, before I disable the clear text connection support, I'd like to monitor how clients are making the connection and hopefully, be able to identify them so they can be "adjusted" away from clear text. I can do this with a tcpdump filter on the server, but is there some way to collect this information in the database?
    I consider net8 tracing on the server a silly response to this question, too much overhead and it requires a restart to turn tracing on. tcpdump is a much easier way to attack the problem down near that layer. This query will tell you about your current session, but I need to know about all sessions.
    select sys_context('USERENV','NETWORK_PROTOCOL') from dual;
    Thanks.

    > I was curious about why I would get the periodic close() calls
    Because RMI does connection pooling, which you can also control via those system properties, and part of that is closing idle connections.
    > and also about why the ServerHello might be timing out. Any further insight?
    Network problems?
    > Would the DNS configuration still come into play even if we were connecting purely to the IP address?
    Yes because Java does reverse DNS lookups when opening sockets.
    > Do the domain names in the cert chain(s) possibly get resolved every time?
    No.

  • Flex SSL Connection on Non-SSL page

    Hey there everyone,
    I'm about to get into my first FLEX project. However, before my company decides as to whether or not we'll go w/ Flex and the proposed solution, there was a question that I had to find an answer to, namely: if the end-user is on a non-SSL page, selects a link that has something similar to a shadowbox popup open in the window containing the FLEX interface, can the said FLEX webapp connect via SSL?
    Hopefully I explained the problem correctly. Please let me know if I need to develop the idea and explanation further.
    Thanks for any help!

    Yes a Flex app can use secure transport even if it's not hosted in a secure container.
    Look at
    SecureAMFChannel
    SecureHTTPChannel
    for examples on how to do this.
    I suppose the converse is also true... you can make non-secure calls from a secure page, but I've never tried this, so...

Maybe you are looking for