Custom Certificate in URL AGENT grid 12c

Hi all..
I'm using the grid control 12c in my enviroment and i'd like configure to use certificate in the SSL ports.
I configured the certificate in the SSL port in OMS server successfully, but when try configure the custom certificate in the port of URL AGENT I can´t.
Let me know if someone has gone through this?
Regards,
Alessandro Silveira

Can you provide more details as to what happens when you try to configure the certificate on the agent side.
-Mughees

Similar Messages

Em grid 12c doesn't discorer db 9i

Hello,
I install the agent from the emgrid on a machine with an oracle db 9i.
All the installation is going fine but when i try to add the database on grid the discover process on the machine doesn't find nothing.
I check the agent status and it is up and running.
oragrid@piteco:~/agent12c/core/12.1.0.1.0/bin$ ./emctl status agent+
Oracle Enterprise Manager 12c Cloud Control 12.1.0.1.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
Agent Version     : 12.1.0.1.0
OMS Version       : 12.1.0.1.0
Protocol Version : 12.1.0.1.0
Agent Home        : /usr3/oragrid/agent12c/agent_inst
Agent Binaries    : /usr3/oragrid/agent12c/core/12.1.0.1.0
Agent Process ID : 4638
Parent Process ID : 4039
Agent URL         : https://piteco.scmgroup.com:3872/emd/main/
Repository URL    : https://emgrid.scmgroup.com:4901/empbs/upload
Started at        : 2012-04-18 12:07:04
Started by user   : oragrid
Last Reload       : (none)
Last successful upload                       : 2012-04-18 14:02:20
Last attempted upload                        : 2012-04-18 14:02:20
Total Megabytes of XML files uploaded so far : 0.4
Number of XML files pending upload           : 0
Size of XML files pending upload(MB)         : 0
Available disk space on upload filesystem    : 68.42%
Collection Status                            : Collections enabled
Last attempted heartbeat to OMS              : 2012-04-18 14:06:24
Last successful heartbeat to OMS             : 2012-04-18 14:06:24
Agent is Running and Ready
Please, help me!
Thanks

Hi,
Only 9.2.0.8 db target is certified with 12C to monitor.
Deploy the latest database plugin to OMS and Agent as per the following note:
Note 1388143.1 - How to Deploy Latest Database Plugin to OMS and Agent in 12C Cloud Control
Once the latest plugin is deployed, add the database target as per the steps mentioned above.
-->Refer to note 1371846.1
Best Regards,
Venkat

SAP Certificate vs Customer Certificate - Best Practice

Hi All
We are using an external archive server for archiving data and documents. The communication between SAP and the server is made secure using certificates.
As per my limited understanding, SAP uses its own certificate for this communication, that is generated in the transaction STRUST. I think it is also possible to use a customer certificate for this communication by importing it in the same transaction.
We need to determine whether to use the standard SAP certificate or use a custom one in our project. Under which scenarios is it recommended to use a custom certificate? Are there any disadvantages of using the standard SAP certificate?
Any help is appreciated. Thanks in advance.
Joy

Hi,
If you archive server is inside your corporate network, I don't see why it would be needed to use a custom certificate.
I don't even know if it is possible because this is the System PSE.
The SAP system send its STRUST PSE to the archive server at initialization.
Then each URL generated by the SAP system is signed with the certicate in order for the archive server to know from where the command came.
I would advice you to keep using the standard System PSE.
Regards,
Olivier

Which version of DB for OEM Grid 12c is stable?

Hello friends.
My intention is to set up a new OEM Grid 12C OMS installation.
This will be for a relatively small number of databases, approx. 40 or 50, mixture of production and test/dev.
I intend on having the OEM repository database on the same server (or VM) as the OMS software.
I've done it this way in the past and it works fine without any resource contention (regardless what Oracle recommends).
The question I have is if I set up the OMS 12c, what is the latest and most stable (recommended) version of database to use for the OEM repository database.
My initial thoughts were to use 11.2.0.4 EE, because I'm not crazy about using the first version of an Oracle database release (i.e., 12.1).
In the past, for every version I can remember going back to v.6, the second release resolved all the major issues with the first release, and also included new features that didn't make it into the first release.
My installation will be on a VM running Redhat Linux 6.4.
Thank you in advance...
I've found the OEM forum and moved this message to the OEM forum.

If your OMS is installed on a host that is protected by a firewall and the Management Agents that provide management data are on the other side of the firewall, you must perform the following tasks:
Configure the OMS to use a proxy server for its communications to the Management Agents.
Configure the firewall to allow incoming HTTP traffic from the Management Agents on the Management Repository upload port.
Check this documentation link below, it will help you. " Configuring EM for firewalls"
http://docs.oracle.com/cd/E24628_01/install.121/e24089/firewalls.htm#BEIEJCGC

Best approach to add Z custom field to IC Agent Inbox search and results view

Hi Experts,
We are having a requirement to add a Z custom field to IC Agent Inbox search and results view. I got multiple forums and ideas, but looking for the best approach for handling this. I am sure, you experts, would have already done this.
Thanks in advance.
Regards
Siva

Hi Sivakumar,
AET is the best way by far to create a custom field in this area. It is easy and simple.
Also, field once added in one business object it can be used at different objects as well.
There is also a demo available for AET on sdn.
Please let me know if any more help is required.
Thanks,
Bhushan

Soa suite 11.1.1.4 & Grid 12C

Periodically in Grid 12C and Grid 11 we have got database soainfra workload and we have find it that this is becouse of very strange select SELECT COUNT(*) FROM CUBE_INSTANCE ci WHERE ci.COMPONENTTYPE = :1 AND ci.STATE IN (6, 10) and we receive about 20 selects like this in 1 minute. Had anyone this situation?

Hello Anuj,
Thanks for replay.
This is request from soainfra (JDBC Thin Client).
I have AWR report:
WORKLOAD REPOSITORY report for
DB Name DB Id Instance Inst Num Startup Time Release RAC
SOADB 1514424829 soadb2 2 11-Jan-12 16:15 11.2.0.1.0 YES
Host Name Platform CPUs Cores Sockets Memory(GB)
soa11db02.teleco Linux x86 64-bit 32 32 32 30.97
Snap Id Snap Time Sessions Curs/Sess
Begin Snap: 35572 11-Jan-12 23:45:05 193 6.9
End Snap: 35573 12-Jan-12 00:00:40 156 5.2
Elapsed: 15.58 (mins)
DB Time: 327.87 (mins)
Cache Sizes Begin End
~~~~~~~~~~~ ---------- ----------
Buffer Cache: 432M 432M Std Block Size: 8K
Shared Pool Size: 1,168M 1,168M Log Buffer: 16,548K
Load Profile Per Second Per Transaction Per Exec Per Call
~~~~~~~~~~~~ --------------- --------------- ---------- ----------
DB Time(s): 21.0 6.2 0.70 0.05
DB CPU(s): 0.4 0.1 0.01 0.00
Redo size: 19,706.4 5,774.0
Logical reads: 23,499.3 6,885.4
Block changes: 76.3 22.4
Physical reads: 21,018.6 6,158.5
Physical writes: 40.3 11.8
User calls: 395.7 115.9
Parses: 21.2 6.2
Hard parses: 0.3 0.1
W/A MB processed: 2.0 0.6
Logons: 2.3 0.7
Executes: 30.0 8.8
Rollbacks: 1.2 0.4
Transactions: 3.4
Instance Efficiency Percentages (Target 100%)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Buffer Nowait %: 99.91 Redo NoWait %: 99.95
Buffer Hit %: 98.75 In-memory Sort %: 100.00
Library Hit %: 98.78 Soft Parse %: 98.50
Execute to Parse %: 29.36 Latch Hit %: 99.97
Parse CPU to Parse Elapsd %: 3.02 % Non-Parse CPU: 98.96
Shared Pool Statistics Begin End
Memory Usage %: 70.70 70.99
% SQL with executions>1: 82.86 83.78
% Memory for SQL w/exec>1: 85.60 90.25
Top 5 Timed Foreground Events
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Avg
wait % DB
Event Waits Time(s) (ms) time Wait Class
direct path read 834,521 12,929 15 65.7 User I/O
db file sequential read 8,189 3,759 459 19.1 User I/O
db file scattered read 1,999 2,286 1143 11.6 User I/O
DB CPU 364 1.8
read by other session 398 347 873 1.8 User I/O
Host CPU (CPUs: 32 Cores: 32 Sockets: 32)
~~~~~~~~ Load Average
Begin End %User %System %WIO %Idle
11.21 6.69 1.6 0.8 23.5 97.5
Instance CPU
~~~~~~~~~~~~
% of total CPU for Instance: 1.4
% of busy CPU for Instance: 55.0
%DB time waiting for CPU - Resource Mgr: 0.0
Memory Statistics
~~~~~~~~~~~~~~~~~ Begin End
Host Mem (MB): 31,710.0 31,710.0
SGA use (MB): 1,808.0 1,808.0
PGA use (MB): 802.8 704.7
% Host Mem used for SGA+PGA: 8.23 7.92
RAC Statistics DB/Inst: SOADB/soadb2 Snaps: 35572-35573
Begin End
Number of Instances: 2 2
Global Cache Load Profile
~~~~~~~~~~~~~~~~~~~~~~~~~ Per Second Per Transaction
Global Cache blocks received: 7.43 2.18
Global Cache blocks served: 7.97 2.34
GCS/GES messages received: 67.34 19.73
GCS/GES messages sent: 80.02 23.45
DBWR Fusion writes: 1.91 0.56
Estd Interconnect traffic (KB) 151.96
Global Cache Efficiency Percentages (Target local+remote 100%)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Buffer access - local cache %: 98.46
Buffer access - remote cache %: 0.29
Buffer access - disk %: 1.25
Global Cache and Enqueue Services - Workload Characteristics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Avg global enqueue get time (ms): 2.2
Avg global cache cr block receive time (ms): 9.4
Avg global cache current block receive time (ms): 25.9
Avg global cache cr block build time (ms): 0.0
Avg global cache cr block send time (ms): 0.1
Global cache log flushes for cr blocks served %: 1.5
Avg global cache cr block flush time (ms): 386.8
Avg global cache current block pin time (ms): 31526.5
Avg global cache current block send time (ms): 0.1
Global cache log flushes for current blocks served %: 7.5
Avg global cache current block flush time (ms): 269.2
Global Cache and Enqueue Services - Messaging Statistics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Avg message sent queue time (ms): 0.0
Avg message sent queue time on ksxp (ms): 12.6
Avg message received queue time (ms): 0.0
Avg GCS message process time (ms): 0.0
Avg GES message process time (ms): 0.0
% of direct sent messages: 40.72
% of indirect sent messages: 54.27
% of flow controlled messages: 5.00
Cluster Interconnect
~~~~~~~~~~~~~~~~~~~~
Begin End
Interface IP Address Pub Source IP Pub Src
eth1 192.168.1.4 N Oracle Cluster Repository
Time Model Statistics DB/Inst: SOADB/soadb2 Snaps: 35572-35573
-> Total time in database user-calls (DB Time): 19672.4s
-> Statistics including the word "background" measure background process
time, and so do not contribute to the DB time statistic
-> Ordered by % or DB time desc, Statistic name
Statistic Name Time (s) % of DB Time
sql execute elapsed time 19,517.5 99.2
DB CPU 363.5 1.8
parse time elapsed 176.5 .9
hard parse elapsed time 162.0 .8
hard parse (sharing criteria) elapsed time 10.7 .1
connection management call elapsed time 9.4 .0
PL/SQL execution elapsed time 3.8 .0
failed parse elapsed time 2.1 .0
PL/SQL compilation elapsed time 0.0 .0
repeated bind elapsed time 0.0 .0
DB time 19,672.4
background elapsed time 1,438.0
background cpu time 13.5
Operating System Statistics DB/Inst: SOADB/soadb2 Snaps: 35572-35573
-> *TIME statistic values are diffed.
All others display actual values. End Value is displayed if different
-> ordered by statistic type (CPU Use, Virtual Memory, Hardware Config), Name
Statistic Value End Value
BUSY_TIME 68,611
IDLE_TIME 2,705,656
IOWAIT_TIME 651,332
NICE_TIME 0
SYS_TIME 22,920
USER_TIME 45,204
LOAD 11 7
PHYSICAL_MEMORY_BYTES 33,250,344,960
NUM_CPUS 32
NUM_CPU_CORES 32
NUM_CPU_SOCKETS 32
GLOBAL_RECEIVE_SIZE_MAX 4,194,304
GLOBAL_SEND_SIZE_MAX 1,048,586
TCP_RECEIVE_SIZE_DEFAULT 87,380
TCP_RECEIVE_SIZE_MAX 4,194,304
TCP_RECEIVE_SIZE_MIN 4,096
TCP_SEND_SIZE_DEFAULT 16,384
TCP_SEND_SIZE_MAX 4,194,304
TCP_SEND_SIZE_MIN 4,096
Operating System Statistics - Detail DB/Inst: SOADB/soadb2 Snaps: 35572-35573
Snap Time Load %busy %user %sys %idle %iowait
11-Jan 23:45:05 11.2 N/A N/A N/A N/A N/A
12-Jan 00:00:40 6.7 2.5 1.6 0.8 97.5 23.5
soadb.telecom
846481 16696 828 143 0 0 1088866 10
SYS$USERS
5926 3004 162 0 1 0 1514 0
SYS$BACKGROUND
1644 1039 153 2 0 0 0 0
SQL ordered by Elapsed Time DB/Inst: SOADB/soadb2 Snaps: 35572-35573
-> Resources reported for PL/SQL code includes the resources used by all SQL
statements called by the code.
-> % Total DB Time is the Elapsed Time of the SQL statement divided
into the Total Database Time multiplied by 100
-> %Total - Elapsed Time as a percentage of Total DB time
-> %CPU - CPU Time as a percentage of Elapsed Time
-> %IO - User I/O Time as a percentage of Elapsed Time
-> Captured SQL account for 63.5% of Total DB Time (s): 19,672
-> Captured PL/SQL account for 6.1% of Total DB Time (s): 19,672
Elapsed Elapsed Time
Time (s) Executions per Exec (s) %Total %CPU %IO SQL Id
5,073.8 110 46.13 25.8 1.3 97.0 gcgrp99sfm5t9
Module: JDBC Thin Client
SELECT count(*) FROM CUBE_INSTANCE ci WHERE ci.COMPONENTTYPE = :1 AND ci.STATE
IN (6, 10)
4,688.1 110 42.62 23.8 .8 98.2 80ccpb53caau6
Module: JDBC Thin Client
SELECT count(*) FROM CUBE_INSTANCE ci WHERE ci.COMPONENTTYPE = :1 AND ci.STATE
IN (1)
633.2 2 316.59 3.2 .0 98.2 8pa3fnfk6ynuy
Module: JDBC Thin Client
SELECT CIKEY, NODE_ID, SCOPE_ID, COUNT_ID, DOMAIN_NAME, COMPONENT_NAME, COMPOSIT
E_NAME, COMPOSITE_LABEL, COMPOSITE_REVISION, COMPONENTTYPE, PRIORITY, EXP_DATE F
ROM WI_EXPIRABLE WHERE EXP_DATE < :1 AND COMPONENTTYPE = :2
536.9 0 N/A 2.7 .9

Using a custom certificate store for SCCM 2012 clients and primary site server

I have read what seems to be all the pki related documentation out there for SCCM 2012. I have a PKI infrastructure up and running issueing certificates with an offline root through group policy autoenrollment. The problem that i'm faced with is we are migrating
from SCCM 2007 that was in native mode and we chose not to use the CA that we used for the old SCCM environment. When the clients attempt to communicate with the M.P. it runs through all of the different certificates and adds a tremendous amount of overhead
to the M.P. We will have ten's of thousands of clients by migration end. Could someone please point me to a document that goes over how to leverage a custom certificate store that I could then tell the new 2012 environment to use? I know that it's in there,
I've seen it in the console. The setup is one primary site server with SQL on box and the pki I just mentioned as well as the old 2007 environment that is still live.
I read that you can try and use SAN as a method of identifying the new certs but I haven't found a good document covering exactly how that works. Any info you could provide I would be very grateful for. Thanks.

Jason, thank you for your reply. I'm getting the impression that you have never been in the situation where you had to deal with 2 different PKI environments. Let me state that I understand what your saying about trust. We have to configure the trusted root
CA via GPO. That simply isn't enough, and I have a valid example to backup this claim. When the new clients got the advertisement and began the ccmsetup process I used the /pki switch among others. What the client end up doing was selecting a certificate that
had the longest validity period which was issued by our old CA. It checked the authentication chain, found it to be valid and selected it for communication. At that point the installation failed, period, no caveats as you say. The reason the install failed
because the new PKI infrastructure is integrated into the new environment, and the old is not. So when you said " that
are trusted and they can use *any* cert that is trusted because at the end of the day, there is no
difference between two valid certs that have the same purpose as long as they are trusted. "
that is not correct. Both certs are trusted, and use the same certificate template, but only one certificate would allow the install to complete successfully.
Once I started using the CCMCERTISSUERS
switch the client install went swimmingly. The only reason I'm still debating this point is because someone might read this thread see your comments and assume "well I've got my new PKI configured as a trusted root CA, I should be all set" and their
deployment will fail, just as my pilot did.
About Intune I'm looking forward to doing a POC in the lab i built with my Note 3. I'm hoping it goes well as I really want to have our MDM migrated into ConfigMgr... I think the
biggest obstacle outside of selling it to management will be the actual device migration from the current MDM solution. From what I understand of the enrollment process manual install and config is the only path forward.
Thanks Jason for your post and discussion.

Custom certificates for JAR file signing

Hi,
Can anyone please let me know how to check that we have custom certificates for JAR file signing set up in our instance
Thanks,
Praveen

It depends on the version of your $ADJVAPRG. See the referenced note.
How to use,create and /or update Digital Certificates for Jinitiator in 11i Applications
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=365735.1

AS2 Certificates and URL

Hi,
We are setting up a party and going to exchange via AS2.
As the messages would involve outbound and inbound, they had forwarded their certificates along with URL path.
Also, they were requesting GLN number. Please let me know what is it about.

Hi Krish,
>>As the messages would involve outbound and inbound, they had forwarded their certificates along with URL path.
Nwo you need to provide your certificates and url.. Generally there shoudl be a template for exchanging this information...
GLN number is an identification number, through which your messages are identified.. we call it as AS2ID
Regards
Suraj

Need clarification on DNS, Certificate and URL? during 2010 to 2013 migration

Hi Guys,
I am working on a migration project Lync server 2010 to 2013.
Lync 2010 Standard Edition and Edge
Lync 2013 Ent edition and Edge (Enterprise Voice "SIP Trunk")
I need few clarification on How to setup the DNS, Certificate and URL Pre and post migration?
Shall we use the Lync 2010 existing internal and external URLs to lync 2013 or do we need to setup a new URLs for lync 2013?
How about the DNS records and Certificates?
I have gone trough the below blogs but need clear understanding on this part..
http://lyncdude.com/2013/08/11/understanding-lync-dns-records-and-autoconfiguration/
https://technet.microsoft.com/en-us/library/hh690044.aspx
and few more....
Thanks,
Balakrishna G
Regards, Balgates

Hi,
Agree with Thamara.Wijesinghe.
You need to different Web service URL for Lync Server 2010 and Lync Server 2013. If you only have Web service URL for Lync Server 2010, then Lync 2013 mobile will fail to connect to FE Server. If you point Web service URL point to Lync Server 2013 Pool,
then both Lync 2010 and 2013 mobile clients will connect to FE Server successfully.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support

Agent Grid Control

Hi everyone,
I have a doubt about this scenario, i can somebody can help me.
We have a grid control 10g and much databases in our company in 10g. We have migrated of 10g to 11g a database of all. So my doubt is if i must install the agent grid control 11g (will be it compatible with the 10g grid control) or i must install the agent 10g?
It is basically,
Thank you if somebody can help me.
Regards.

user12215372 wrote:
Hi everyone,
I have a doubt about this scenario, i can somebody can help me.
We have a grid control 10g and much databases in our company in 10g. We have migrated of 10g to 11g a database of all. So my doubt is if i must install the agent grid control 11g (will be it compatible with the 10g grid control) or i must install the agent 10g?
It is basically,
Thank you if somebody can help me.
Regards.does it work now?
How do I ask a question on the forums?
SQL and PL/SQL FAQ

QuickVPN Plus with custom certificates

I am attempting to establish a VPN connection using QuickVPNPlus to a WRV200. I generated my own certificate for security. With the Linksys Quick VPN client, I would put the certificate .pem file in the same directory as the Linksys Quick VPN client. How do I tell QuickVPNPlus to use a custom certificate file? When I attempt to connect I get the following: QuickVPNplus ver: 1.0.6 Flags: 0 (0x0) OSver: 5.1 [T] Figuring out local interface. [T] ipADD 192.168.1.102 [T] defGW 192.168.1.1 [T] match found - I am done here. [T] interface type: 6 Local ip address: 192.168.1.102 Requesting configuration data from 71.30.180.242 ... [T] Uri: https://userassword@myrouter:443/StartConnection.htm?versi on=1?IP=192.168.1.102?PASSWD=password?USER=user [I] using WinInet [W] Authorization 12045 - The certificate authority is invalid or incorrect SSLsrvCert: US California Irvine "Cisco-Linksys, LLC" WRV200 001A70B2532D [E] HttpSendRequest 12152 - The server returned an invalid or unrecognized response

The Quick VPN Plus client was downloaded from the linksys community forum: http://www.linksysinfo.org/forums/showthread.php?t=52876 It's an alternative to Quick VPN that is available. The reason I am attempting to use the Quick VPN Plus client b/c I haven't been able to get the Quick VPN client to work. Quick VPN connects (username/password, certificate all validates). However, after it connects I get the popup "The remote gateway is not responding...". I cannot ping any system on the remote side. This problem with Quick VPN occurs on systems that have previously had the Cisco VPN client installed. I have uninstalled the Cisco VPN client and re-installed the QuickVPN client many times to no avail. This is why I am trying Quick VPN Plus client.

Link between Material code, Customer & Certificate Profile (Quality)

Hi All
I develop one smart form for quality certificate.
But I am not able to find out the link between Material, Customer & Certificate profile.
In which table these all data are storing.
On the basis of above condition MIC will print on Quality certificate.
Regards
ARK

It should be posted in QM forum, isn't it? Anyway, try this.
First you get the profile schema in table T683 (configuration of profile schema in Quality Management -> Quality certificates -> Certification Profile -> Profile determination -> Define schema for profile determination). Standard one is QC0001.
Then you use function call V61I_CERT_PROFILE_FINDING with parameter (standard routine for finding certificate profile. Unless you have the user exit, this routine should work):
I_APPLICATION = QC
I_DATE = current date or whatever date (i.e., delivery date in outbound delivery)
I_DIALOG = leave blank
I_HEADER_COMMUNICATION => here you can put in your customer, material, plant ; depend on your access sequence
I_SCHEME = value from table T683
You will get the output in table E_KONDI which give you data of condition rec. no, certification type, profile and version.
Then you can use certification type, profile and version to select the characteristics from QCVM.
Hope it helps.

Sun Java Webconsole custom certificate

I'm trying to use a custom certificate for Sun Java Webconsole; specifically, I'm trying to use the same certificate that we user for our other applications on the server.
I have tried going into /var/webconsole/domains/console/conf/console.xml and changing the keystore file location, then tried using wcadmin password -k to change the password to the correct password. However, it refused to boot afterwords. the only error message I could find in any logs was that it could not determine the status of the webconsole.
I really need to be able to do this because our IA trolls are demanding that all the browsers available on the box can only use known and trusted ssl certs, and the self-signed certs that webconsole uses doesn't work under that regime.
This is the only reference I have found to this: http://forums.sun.com/thread.jspa?threadID=5432923
And this has almost no useful information: http://docs.sun.com/app/docs/doc/817-1985/sunweb-1?l=en&a=view
Can anyone help me???/

This one hit me too, thanks for the hint. FWIW, the [patch description|http://sunsolve.sun.com/search/document.do?assetkey=1-21-125953-18-1] does indeed list this particular issue:
a. JWC services that run local-only, seem to be undone (6722988).
The console service is now [Secure By Default|http://opensolaris.org/os/community/security/projects/sbd/] . That is,
tcp-listen in /var/svc/manifest/system/webconsole.xml
is now set to false, so the console is by default set to
local-only mode. The administrator should set it to true in
order to allow the console to work over the network.

SSL between NSAPI and WLS with custom certificate and RequireSSLHostMatch=true fails

I am trying to use SSL for communication between NSAPI and WebLogic
server (server authentication at the NSAPI).
Therefore, a custom server certificate is installed on WLS, containing this
server's hostname. The NSAPI is configured (RequireSSLHostMatch=true) to
check the hostname contained in the certificate against the WebLogicHost
parameter in the "obj.conf" file. The corresponding TrustedCAFile is installed
for NSAPI.
The SSL setup seems to work ok, but when matching the hostname, it seems like
NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
not on the hostname as configured in the WebLogicHost parameter.
The relevant entry in the "obj.conf" file:
<Object name="weblogic" ppath="*">
Service fn=wl-proxy WebLogicHost=btsun2a.muc \
WebLogicPort=7162 \
Debug=ALL \
SecureProxy=ON \
TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
RequireSSLHostMatch=true
</Object>
I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log" is as
follows.
Any ideas?
Content of "wlproxy.log":
Thu Oct 11 12:30:22 2001 INFO: SSL is configured
Thu Oct 11 12:30:22 2001 INFO: Initializing SSL library
Thu Oct 11 12:30:22 2001 Loaded 1 trusted CA's
Thu Oct 11 12:30:22 2001 INFO: Successfully initialized SSL
Thu Oct 11 12:30:22 2001 INFO: SSL configured successfully
Thu Oct 11 12:30:22 2001 ....relFile.../index.jsp...
Thu Oct 11 12:30:22 2001 URI=[index.jsp]
Thu Oct 11 12:30:22 2001 Initializing lastIndex=0 for a list of length=1
Thu Oct 11 12:30:22 2001 attempt #0 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #1 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #2 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #3 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #4 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #5 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 request [index.jsp] processed ..................

I tried some other case and configured a certificate containing
the numeric IP as hostname. The authentication works fine then,
but it wouldn't be nice to hard-code the IP in the certificate
(btw. the WebLogicHost parameter is still given as DNS name, not
as IP address).
Has anyone got a solution for this?
"Wolfgang Jodl" <[email protected]> wrote:
>
I am trying to use SSL for communication between NSAPI and WebLogic
server (server authentication at the NSAPI).
Therefore, a custom server certificate is installed on WLS, containing
this
server's hostname. The NSAPI is configured (RequireSSLHostMatch=true)
to
check the hostname contained in the certificate against the WebLogicHost
parameter in the "obj.conf" file. The corresponding TrustedCAFile is
installed
for NSAPI.
The SSL setup seems to work ok, but when matching the hostname, it seems
like
NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
not on the hostname as configured in the WebLogicHost parameter.
The relevant entry in the "obj.conf" file:
<Object name="weblogic" ppath="*">
Service fn=wl-proxy WebLogicHost=btsun2a.muc \
WebLogicPort=7162 \
Debug=ALL \
SecureProxy=ON \
TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
RequireSSLHostMatch=true
</Object>
I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log"
is as
follows.
Any ideas?

Custom Certificate in URL AGENT grid 12c

Similar Messages

Maybe you are looking for