Custom sig: Non-SSL over SSL port

I am trying to build a custom signature for detecting non-SSL traffic on a specific SSL port (let's say tcp/443). This has to do with CONNECT tunnels through an HTTP proxy. Conceptually, it's not a complicated idea. Whether or not it can technically be done effectively with the Cisco IPS I don't know.
It seems that very early in every SSL connection, there is an SSL "client hello" message (SYN, SYN/ACK, ACK, CLIENT HELLO). There are two relevant record formats, SSLv2 and SSLv2/TLS. I would like to create a signature that fires when it DOES NOT see the client hello message very early in a given TCP session. I would want the signature to only need to check the very first n packets of any given TCP session (n = max size of connection establishment + max size of client hello packet). Has anyone created such a beast or is willing to help? Here are a couple of packets.
SSLv3 Client Hello
0000 00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 ..^..g.....]..E.
0010 00 8e 33 b8 40 00 3e 06 94 16 ce c3 c3 6c 40 22 ..3.@.>......l@"
0020 a2 49 58 27 01 bb b7 42 c6 92 fd 36 a3 d1 50 18 .IX'...B...6..P.
0030 44 70 08 e2 00 00 16 03 00 00 61 01 00 00 5d 03 Dp........a...].
0040 00 44 5f 9a 77 69 49 5a 85 52 a0 96 38 b3 b4 15 .D_.wiIZ.R..8...
0050 8f db f2 0f c9 0e ea 10 f5 69 39 8c 58 87 e5 33 .........i9.X..3
0060 70 20 ba 06 1e 3f d4 4e 3c d0 de a8 ea 4e a3 7f p ...?.N<....N..
0070 0f 07 fd 5f 88 07 17 ef 50 ce 6b cf 10 e3 84 99 ..._....P.k.....
0080 04 a2 00 16 00 04 00 05 00 0a 00 09 00 64 00 62 .............d.b
0090 00 03 00 06 00 13 00 12 00 63 01 00 .........c..
TLSv1 Client Hello
0000 00 0f 20 6c 99 8b 00 a0 8e 82 c4 c1 08 00 45 00 .. l..........E.
0010 00 96 a2 89 40 00 7f 06 32 b3 ce c3 c2 29 ce c3 ....@...2....)..
0020 c6 74 0d 13 01 bb 38 17 d5 89 98 0f fc 73 50 18 .t....8......sP.
0030 44 70 6c 75 00 00 16 03 01 00 69 01 00 00 65 03 Dplu......i...e.
0040 01 44 5f 9a 84 8a 94 ab f3 78 e7 b1 c9 ca 04 34 .D_......x.....4
0050 3b 95 1b 86 51 05 5f ac 9d a0 b0 69 fe 0c 27 e5 ;...Q._....i..'.
0060 9c 20 78 08 00 00 ce c3 c2 29 58 58 58 58 58 58 . x......)XXXXXX
0070 58 58 58 58 58 58 58 58 58 58 48 9a 5f 44 8c 4b XXXXXXXXXXH._D.K
0080 05 00 00 1e 00 04 00 05 00 2f 00 33 00 32 00 0a ........./.3.2..
0090 00 16 00 13 00 09 00 15 00 12 00 03 00 08 00 14 ................
00a0 00 11 01 00 ....
SSLv2 Client Hello
0000 00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 ..^..g.....]..E.
0010 00 82 fb a7 40 00 3e 06 cf 32 ce c3 c3 6c 9f 35 ....@.>..2...l.5
0020 40 36 58 6d 01 bb b7 78 06 1b cd e2 e2 3d 80 18 @6Xm...x.....=..
0030 44 70 47 6b 00 00 01 01 08 0a 31 fd f9 51 00 00 DpGk......1..Q..
0040 00 00 80 4c 01 03 00 00 33 00 00 00 10 00 00 04 ...L....3.......
0050 00 00 05 00 00 0a 01 00 80 07 00 c0 03 00 80 00 ................
0060 00 09 06 00 40 00 00 64 00 00 62 00 00 03 00 00 ....@..d..b.....
0070 06 02 00 80 04 00 80 00 00 13 00 00 12 00 00 63 ...............c
0080 7b af 57 75 f8 a9 72 54 23 29 32 50 bf ef 1e a9 {.Wu..rT#)2P....
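As an added illustration of the check the question describes (this is example code, not from the thread and not a Cisco IPS signature), the script below parses the three frames posted above, classifies the first client-to-server bytes of each session to tcp/443 as an SSLv3/TLS or SSLv2 ClientHello, and flags a session once the first few data segments have arrived without one. The frame parser, the flow tracker, the HTTP_ON_443 sample and the MIN_BYTES / MAX_DATA_SEGMENTS values are all assumptions made here; the three hex dumps are the captures from the post with the ASCII gutter removed.

```python
"""Added example for the question above; not from the thread and not a Cisco IPS
signature. It decides, from the first client-to-server bytes of a TCP session
to port 443, whether a TLS/SSL ClientHello was sent, and flags sessions where
none appears within the first few data segments. SSLV3_HELLO, TLSV1_HELLO and
SSLV2_HELLO are the frames posted above (hex only); HTTP_ON_443 is constructed."""
import struct

SSLV3_HELLO = bytes.fromhex("""
00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 00 8e 33 b8 40 00 3e 06 94 16 ce c3 c3 6c 40 22
a2 49 58 27 01 bb b7 42 c6 92 fd 36 a3 d1 50 18 44 70 08 e2 00 00 16 03 00 00 61 01 00 00 5d 03
00 44 5f 9a 77 69 49 5a 85 52 a0 96 38 b3 b4 15 8f db f2 0f c9 0e ea 10 f5 69 39 8c 58 87 e5 33
70 20 ba 06 1e 3f d4 4e 3c d0 de a8 ea 4e a3 7f 0f 07 fd 5f 88 07 17 ef 50 ce 6b cf 10 e3 84 99
04 a2 00 16 00 04 00 05 00 0a 00 09 00 64 00 62 00 03 00 06 00 13 00 12 00 63 01 00
""")
TLSV1_HELLO = bytes.fromhex("""
00 0f 20 6c 99 8b 00 a0 8e 82 c4 c1 08 00 45 00 00 96 a2 89 40 00 7f 06 32 b3 ce c3 c2 29 ce c3
c6 74 0d 13 01 bb 38 17 d5 89 98 0f fc 73 50 18 44 70 6c 75 00 00 16 03 01 00 69 01 00 00 65 03
01 44 5f 9a 84 8a 94 ab f3 78 e7 b1 c9 ca 04 34 3b 95 1b 86 51 05 5f ac 9d a0 b0 69 fe 0c 27 e5
9c 20 78 08 00 00 ce c3 c2 29 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 48 9a 5f 44 8c 4b
05 00 00 1e 00 04 00 05 00 2f 00 33 00 32 00 0a 00 16 00 13 00 09 00 15 00 12 00 03 00 08 00 14
00 11 01 00
""")
SSLV2_HELLO = bytes.fromhex("""
00 00 5e 00 01 67 00 a0 8e 82 ec 5d 08 00 45 00 00 82 fb a7 40 00 3e 06 cf 32 ce c3 c3 6c 9f 35
40 36 58 6d 01 bb b7 78 06 1b cd e2 e2 3d 80 18 44 70 47 6b 00 00 01 01 08 0a 31 fd f9 51 00 00
00 00 80 4c 01 03 00 00 33 00 00 00 10 00 00 04 00 00 05 00 00 0a 01 00 80 07 00 c0 03 00 80 00
00 09 06 00 40 00 00 64 00 00 62 00 00 03 00 00 06 02 00 80 04 00 80 00 00 13 00 00 12 00 00 63
7b af 57 75 f8 a9 72 54 23 29 32 50 bf ef 1e a9
""")

def tcp_payload(frame: bytes):
    """Parse Ethernet II / IPv4 / TCP; return ((src, sport, dst, dport), payload).
    Checksums are not verified; IP and TCP options are skipped by header length."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not TCP")
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return (src, sport, dst, dport), tcp[(tcp[12] >> 4) * 4:]

def build_frame(src, sport, dst, dport, payload: bytes) -> bytes:
    """Constructed frame for testing (zero checksums, no options)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 0x4470, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def classify_first_bytes(data: bytes) -> str:
    """'tls': SSLv3/TLS handshake record (type 0x16, version 0x03xx, 2-byte length)
    carrying handshake type 0x01 (ClientHello). 'sslv2': v2 record (high bit of
    byte 0 set, msg type 0x01, version 0x0002 or 0x03xx). Otherwise 'none'."""
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x03 \
            and data[5] == 0x01:
        return "tls"
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01 \
            and (data[3:5] == b"\x00\x02" or data[3] == 0x03):
        return "sslv2"
    return "none"

class NonTlsOnTlsPortDetector:
    """Buffer the first client->server bytes of each session to the TLS port and
    decide once MIN_BYTES have arrived or MAX_DATA_SEGMENTS have been seen (the
    'first n packets' bound from the question; both values are assumptions)."""
    MIN_BYTES = 6            # record header (5) + handshake type (1)
    MAX_DATA_SEGMENTS = 3

    def __init__(self, port: int = 443):
        self.port = port
        self.flows = {}      # flow key -> {"buf", "segs", "done"}
        self.alerts = []

    def observe(self, frame: bytes):
        """Return 'tls', 'sslv2' or 'none' when the session is decided, else None."""
        key, payload = tcp_payload(frame)
        if key[3] != self.port or not payload:
            return None      # only client->server segments carrying data
        st = self.flows.setdefault(key, {"buf": b"", "segs": 0, "done": False})
        if st["done"]:
            return None
        st["buf"] += payload
        st["segs"] += 1
        if len(st["buf"]) < self.MIN_BYTES and st["segs"] < self.MAX_DATA_SEGMENTS:
            return None      # hello may be split across segments; keep waiting
        st["done"] = True
        kind = classify_first_bytes(st["buf"])
        if kind == "none":
            self.alerts.append("non-TLS on tcp/%d: %s:%d -> %s:%d, first bytes %r"
                               % (self.port, *key, st["buf"][:8]))
        return kind

# Constructed: plain HTTP sent to port 443, the case the signature should catch.
HTTP_ON_443 = build_frame("10.0.0.5", 40000, "192.0.2.10", 443,
                          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
```

Feeding the four frames to `NonTlsOnTlsPortDetector().observe` yields `tls`, `tls`, `sslv2` and `none`, with one alert for the HTTP frame. The check is deliberately positive (it recognises a hello and alerts on everything else), which is the inversion Alberto's reply says a pattern-matching engine cannot express directly; the per-flow segment bound is what keeps it from alerting on sessions that simply have not sent data yet.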

Hi mhellman:
I can see 3 difficulties with this kind of signature.
1) To determine the order of the packets.
2) To determine that it happens at the very beginning of the connection.
3) To fire when the traffic doesn't match the signature.
Difficulty number 3, I think, is impossible to resolve because the sensor can compare the traffic with a well-defined pattern and fire when it matches, but not when it doesn't.
Difficulty number 2:
You need a kind of state signature because this can be classified like a state machine (first the three-way handshake, then the hello packet), but I can't see fields in the state engine that help in this case.
Difficulty number 1 could be resolved by a Meta signature.
You will need to create a custom atomic signature for the SYN packet, another for the SYN/ACK, another for the ACK, and the last one for the hello packet.
Then create a meta signature and add the four atomic signatures with a strict order.
But guess what...
Meta signatures don't permit custom signatures.
I think this kind of signature is impossible to write.
But I'd try.
Regards
Alberto Giorgi from Spain.

Similar Messages

  • How to configure Node manager on Linux on ssl port

    Hi,
    I have installed SOA BPM 11.1.1.3 on linux with ssl enabled. I am trying to configure Node Manager but it's not working.
    Here are the steps I did to configure.
    1. Created a machine
    2. Added managed servers to the machine i.e. soa,bam
    3. Enroll domain using nmEnroll using
    cd $BEA_HOME/user_projects/domains/<domain_name>/bin/
    . setDomainEnv.sh
    java weblogic.WLST
    wls> connect('weblogic','weblogic1', 't3://mymachine.mydomain:7001')
    wls> nmEnroll('$BEA_HOME/user_projects/domains/<domain_name>', '$BEA_HOME/wlserver_<version>/common/nodemanager')
    here 7001 is the admin server non-ssl port but when I try 7002 ssl port it doesn't connect. But I need to enroll it on ssl port as I have ssl enabled.
    4. reset the node manager user/password same as weblogic console
    5. started the node manager using $WL_HOME\server\bin\startNodeManager.sh
    But when I log back into the console and try to start my managed server it gives the following error
    SEVERE: java.io.FileNotFoundException: /usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain/./config/jps-config.xml (No such file or directory)
    <Aug 6, 2010 5:30:16 PM EDT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The dynamic loading of the OPSS java security policy provider class oracle.security.jps.internal.policystore.JavaPolicyProvider failed due to problem inside OPSS java security policy provider. Exception was thrown when loading or setting the JPSS policy provider. Enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01538: The default policy provider was not found.
    I did not add my Admin server to be part of the machine.
    Any help if I am missing anything or doing anything wrong.
    Thanks

    Hi,
    Do I need to add Admin Server also part of the Machine where I added bam,soa servers. I tried again following the steps but gets the below error again. Appreciate if someone can list the steps as the docs are a bit vague:
    <Aug 6, 2010 6:14:01 PM> <INFO> <wcbpm_domain> <bam_server1> <Starting WebLogic server with command line: /usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain/bin/startWebLogic.sh >
    Aug 6, 2010 6:14:01 PM weblogic.nodemanager.server.ServerManager log
    INFO: Starting WebLogic server with command line: /usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain/bin/startWebLogic.sh
    <Aug 6, 2010 6:14:01 PM> <INFO> <wcbpm_domain> <bam_server1> <Working directory is '/usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain'>
    Aug 6, 2010 6:14:01 PM weblogic.nodemanager.server.ServerManager log
    '/usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain/servers/bam_server1/logs/bam_server1.out'
    <Aug 6, 2010 6:14:02 PM> <INFO> <wcbpm_domain> <bam_server1> <Server failed during startup so will not be restarted>
    Aug 6, 2010 6:14:02 PM weblogic.nodemanager.server.ServerManager log
    INFO: Server failed during startup so will not be restarted
    <Aug 6, 2010 6:14:02 PM> <WARNING> <Exception while starting server 'bam_server1'>
    java.io.IOException: Server failed to start up. See server output log for more details.
            at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:331)
            at weblogic.nodemanager.server.Handler.handleStart(Handler.java:567)
            at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:118)
            at weblogic.nodemanager.server.Handler.run(Handler.java:70)
            at java.lang.Thread.run(Thread.java:619)
    [WARN ] Use of -Djrockit.optfile is deprecated and discouraged.
    [WARN ] Use of -Djrockit.optfile is deprecated and discouraged.
    Unknown option or illegal argument: -XX:+UseParallelGC.
    Please check for incorrect spelling or review documentation of startup options.
    Could not create the Java virtual machine.
    <Aug 6, 2010 6:14:02 PM> <FINEST> <NodeManager> <Waiting for the process to die: 590>
    <Aug 6, 2010 6:14:02 PM> <INFO> <NodeManager> <Server failed during startup so will not be restarted>
    <Aug 6, 2010 6:14:02 PM> <FINEST> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>
    Don't know if I have missed any steps in node manager configuration.
    Thanks

  • The graphs created in non ssl endeca server run in ssl endeca server

    Hi All,
    I created the graphs to run in non-ssl endeca server and when I gave the code for testing its failing with error:
    Unable to read WSDL file from location 'http://slc06xkc.us.oracle.com:7001//endeca-server/ws/manage?wsdl'. Response status: HTTP/1.1 404 Not Found WSDLException: faultCode=PARSER_ERROR: Wsdl not found
    http://slc06xkc.us.oracle.com:7001//endeca-server/ws/manage?wsdl
    Can someone please let me know whether the graphs which are created in non-SSL Endeca server will work in SSL Endeca server or not. Do we need to do some modifications?
    Thanks,
    Amrit

    Amrit,
    If SSL is enabled, the default wsdl port is 7002.
    See http://docs.oracle.com/cd/E40521_01/server.760/es_install/toc.htm#Creating%20SSL%20certificates
    This is the doc about generating SSL certificates, when you install Endeca Server in the SSL mode.
    "The generate_ssl_keys utility:
    Creates the SSL certificates in the $DOMAIN_HOME/config/ssl directory.
    Updates the EndecaServer.properties and EndecaCmd.properties files (in the $DOMAIN_HOME/config directory) with the pathnames of the key files.
    Enables the SSL Listen Port of 7002 in WebLogic Server, and sets 7002 as the port on which Endeca Server is started."
    To summarize:
    If you installed Endeca Server in non-SSL mode, you access the Manage web service of the Endeca Server as discussed in "Accessing the Manage Web Service", using this path: http://host:port/endeca-server/ws/manage, or to access the WSDL: http://<host>:<port>/endeca-server/ws/manage/?wsdl, where the default non-SSL port is 7001.
    If you installed Endeca Server in the SSL mode, the protocol in the path changes to HTTPS, and the default port changes to 7002 (it can be any other port, depending on the one you configure during the installation process).
    Note: any other public web service of the Endeca Server is accessible in the same way: http://host:port/endeca-server/ws/<name_of_the_web_service>.

  • Non SSL website on port 443

    Hi, I have a non-SSL website running on port 443. When I access this website using Chrome or IE it works just fine, but Firefox can't seem to accept what I have done. All browsers on the same machine and using the same web proxy.
    I access the website as http://xyz:443.
    Just a bit of background info as to why I need this. Where I work I can only access ports 443 and 80 via the web proxy. I have two distinct websites running on a couple of devices at home behind a very config-wise limited router which has ports 80 and 443 redirected to these hosts. There is no way for me to setup two port forward rules on port 80 to two different devices. I cannot setup SSL on either of the websites.
    Regardless of options that could exist to overcome my particular issue, I would like to check if you guys know how to make Firefox work with a website running on port 443 whilst not having a certificate assigned to it.
    Firefox 32.0.3
    Error message:
    The connection was reset
    The connection to the server was reset while the page was loading.
    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

    What type of ssl are you running? [https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/]
    You can somehow remove the Strict-Transport-Security header or if there is a feature that forced encryption but by default https uses 443 for encryption. I do not know if this is possible.

  • OIM 9102 , AD Password Sync 91x, JBoss 423GA - issue over SSL port.

    Followed the steps described in "Deploying the connector"
    http://download.oracle.com/docs/cd/E11223_01/doc.910/e11218/install_config.htm#insertedID0
    section
    Pre-Installation: both SSL and non-SSL work for SPML verification.
    For JBoss Application Server:
    http://IP ADDRESS:8080/spmlws/services/HttpSoap11
    https://IP ADDRESS:8443/spmlws/services/HttpSoap11
    Post Installation - configured SSL.
    On AD machine logs following error message is displayed:
    MAX_RETRY LIMIT count is not updated: OIM is down
    Following meta-link ID 1073889.1
    https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=1073889.1
    explains to verify 'oimhost and oimport' - oimhost is machine ip address ( AD machine is able to ping OIM machine through ip address and machine name )
    oimport is 8443
    Any suggestion.
    Or anyone previously successfully deployed password sync over SSL for OIM 9102 and AD Password sync 91x,
    as I found a similar thread in the OTN forum where a user had issues over SSL.

    Did anyone resolve this issue? I have the same running SSL Password Sync on OAS 10.1.3.4 and OIM 9.1.0.2 BP09a with AD 2003.
    Debug [7/8/2010 6:35:45 AM] oimport is
    Debug [7/8/2010 6:35:45 AM] 4443
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimsslclient is
    Debug [7/8/2010 6:35:45 AM] nw-dc-01.nwocaland.nwoca.org
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimuserattr is
    Debug [7/8/2010 6:35:45 AM] USR_UDF_SAM_ACCTNAME
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimusessl is
    Debug [7/8/2010 6:35:45 AM] Y
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimappservertype is
    Debug [7/8/2010 6:35:45 AM] 2
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::getConfigParamters
    Debug [7/8/2010 6:35:45 AM] Inside sgsloidi::setParameters
    Debug [7/8/2010 6:35:45 AM] The SOAP start element is
    Debug [7/8/2010 6:35:45 AM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
    Debug [7/8/2010 6:35:45 AM] The SOAP end element is
    Debug [7/8/2010 6:35:45 AM] </SPMLv2Document>
    Debug [7/8/2010 6:35:45 AM] The path is
    Debug [7/8/2010 6:35:45 AM] /spmlws/HttpSoap11
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::setParameters

  • NRM over SSL (port 8009) doesn't respond

    Netware 6 SP5 box + post patches. This is an old box that I'm trying to migrate over to a VM by enabling iSCSI and setting that up. I've done this with 6.5x without issue. Anyway, NRM will respond and function over http on port 8008 without issue. However, if I click the "iSCSI Services" link at the bottom, it throws an Unauthorized Access Denied error. After doing some digging online, someone said to try logging into NRM via SSL (port 8009) and it worked for him. Well, I'm unable to do that. When I try to access NRM over https/8009 the browser just spins and spins. I checked TCPCON and it appears that it's listening on port 8009. I telnet'd to port 8009 and it doesn't deny me, but nothing comes up. I've done PKIDiags, httpstk /reset and re-loaded with /ssl /keyfile:"SSL CertificateIP" with no change. No errors with certificates that I can find.
    Kind of out of ideas. Anyone out there still familiar with this? :)

    Originally Posted by AndersG
    Try unload httpstk, then load it
    http://www.novell.com/rms
    Have done that at least 100 times :) with /reset , etc. actually just figured out it works with Firefox, but not ie or chrome

  • How do i know the ssl over non ssl

    Hello Gurus,
    Your answer is greatly appreciated;
    a)
    https://ebusdockel.9dc.com:243/DockerMasterAJX/services/DockerMaster
    b)
    http://ebusmodel.9dc.com/DockerMasterAJX/services/DockerMaster
    How do I determine from the above 2 URLs the difference between SSL and non-SSL? Your answer is appreciated.

    Hi,
    There is a way within Forms to programmatically tell whether users are in SSL or not - if you're in 11g Forms. You can use the new 11g javascript built-ins to execute javascript. Javascript will pull the URL and return it as a VARCHAR. Then you can have PL/SQL logic to see if the URL contains "https" or "http", and then you can execute whatever logic you want.
    The PL/SQL Built-in you want to use is: web.javascript_eval_function
    The javascript command you want to run is: document.location.href
    If you are looking for a way to force users to go to SSL, there are some options you can do with OHS(Oracle HTTP Server) - which comes with the 11g Forms.
    I hope this helps.
    Thank you,
    Gavin
    http://pitss.com/us

  • IDS, detection of encrypted packets within non-SSL traffic streams?

    All...
    Here's the scenario:
    There's a host on the internal network that has a reverse shell to the outside world, and the packets being sent back to the attacker are encrypted, over a standard web (TCP/80) port - which is allowed by Websense or URL filter of choice.
    Can a custom signature be created to alert on the detection of encrypted packets / data streams over non-encrypted transmissions? We've found other IDS/IPS systems in which we're able to build custom sigs to detect and alert on these streams, but are wondering if we can do that within Cisco IDS/IPS?
    Please be specific if possible...let's assume the organization is using the latest version of Cisco IDS software.
    Thanks in advance...

    Have you got Sig 11233 series enabled?  It does, BTW, appear to exclude "WEBPORTS."  Maybe a copy could be made to exclude only TCP 443.
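As an added illustration of what a "looks encrypted on a plaintext port" check has to decide (example code, not from the thread and not a Cisco signature), the script below scores the head of a client-to-server stream on tcp/80 by Shannon entropy and printable-byte ratio, and only flags it when no recognisable HTTP request or response start is present. The thresholds (ENTROPY_BITS, PRINTABLE_RATIO, WINDOW) and the sample streams are constructed here; a seeded PRNG stands in for ciphertext.

```python
"""Added example for the IDS question above; not from the thread and not a Cisco
signature. A first-bytes heuristic for a client-to-server stream on a plaintext
port (tcp/80): flag it when it carries no recognisable HTTP start and its byte
distribution looks like ciphertext (high Shannon entropy, few printable bytes).
Thresholds and sample streams are assumptions, not measured on real traffic."""
import math
import random
from collections import Counter

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/")
WINDOW = 512             # bytes examined at the head of the stream
ENTROPY_BITS = 7.0       # assumed cut-off; uniform random bytes score ~7.6 over 512 samples
PRINTABLE_RATIO = 0.75   # text is near 1.0, ciphertext near 98/256

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution (0.0 for empty input)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or tab/CR/LF."""
    if not data:
        return 0.0
    return sum(1 for b in data if 0x20 <= b < 0x7F or b in b"\t\r\n") / len(data)

def looks_encrypted(stream: bytes, window: int = WINDOW) -> dict:
    """Judge the head of a client->server stream. Returns every signal used, so an
    analyst can see why a flow was or was not flagged."""
    head = stream[:window]
    h = shannon_entropy(head)
    p = printable_ratio(head)
    known = head.startswith(HTTP_STARTS)
    flagged = (not known) and h > ENTROPY_BITS and p < PRINTABLE_RATIO
    return {"flagged": flagged, "entropy": round(h, 2), "printable": round(p, 2), "http": known}

# Constructed samples. To this heuristic, encrypted and well-compressed bytes look
# the same; the protocol-start check is what keeps a gzip response body from firing.
HTTP_REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                b"User-Agent: curl/7.0\r\nAccept: */*\r\n\r\n")
_rng = random.Random(2024)
OPAQUE_STREAM = bytes(_rng.getrandbits(8) for _ in range(WINDOW))
HTTP_GZIP_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n" + OPAQUE_STREAM
```

`looks_encrypted(HTTP_REQUEST)` is not flagged, `looks_encrypted(OPAQUE_STREAM)` is, and `looks_encrypted(HTTP_GZIP_RESPONSE)` is not because the HTTP start is recognised. The main false positive is a stream whose headers were missed (a session picked up mid-flow, or a non-HTTP binary protocol on port 80); running the check only on the first bytes of each new session, as the ClientHello check above does, is what keeps that rate manageable.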

  • Changes to Verizon email servers and Non-SSL capable email clients

    Need to change over my pop/smtp settings to the new settings as per Verizon notification.  I have quite a few non-SSL capable email clients.  Does Verizon provide a non-SSL email server on port other than 25 I can use ?

    blottje wrote:
    Need to change over my pop/smtp settings to the new settings as per Verizon notification.  I have quite a few non-SSL capable email clients.  Does Verizon provide a non-SSL email server on port other than 25 I can use ?
    Not once they turn off the old incoming/outgoing servers. (Supposedly coming in September.)
    What email clients are you using that don't allow for SSL???

  • Web Server 7 - Switch to SSL - Automatic forwarding from non-SSL

    I just posted a similar question regarding Web server 6. This question is for Web server 7!
    I maintain Web tools on a non-SSL Web Server 7. I need to turn on SSL, because our organization requires the security feature for certain functions in the tool.
    The current non-SSL address for the tool is similar to http://mytool.com/. I want to make the switch to SSL transparent for users, so I want http://mytool.com/ to automatically forward to https://mytool.com. What is the best way to do that in Web server 7?
    Also, I'd like to make the changes without using the GUI, what are the XML commands for the server.xml file (I assume that's what I'll need to change, right?)
    Sincerely,
    dailysun
    THIS IS FOR WEB SERVER 7

    Hi
    Assuming you have figured out the way to set up a listener with SSL enabled, you can do the following
    1. find out what object file is currently used by server
    bin/wadm get-virtual-server-prop user=admin config=<hostname> object-file
    this will either return as obj.conf or <vs>-obj.conf
    2. now open this file and add the following lines after <Object name="default" line
    <Object name="default">
    #add the following lines
    <Client match="all" security="false" urlhost="mytool.com">
    NameTrans fn="redirect" from="/" url-prefix="https://mytool.com"
    NameTrans fn="redirect" from="/*" url-prefix="https://mytool.com/"
    </Client>
    # end
    now save this file and test to see if this is what you are expecting.
    if you are satisfied, you will need to bring over this manual change into admin config repository by doing something like
    bin/wadm pull-config user=admin  config=<..>
    You can also save the commonly used parameter like <user> and <password> within the .wadmrc file. Please see - http://blogs.sun.com/natarajan/date/20070131
    hope this helps

  • Apache configuration for proxying requests to Weblogic SSL port

    Hello Everyone,
    I want to proxy requests from Apache to Weblogic server on its SSL Port 7002. I am using the default SSL demo version provided by Oracle/BEA.
    Both my Apache and Weblogic instances are running on same machine.
    This is the procedure I followed. I enabled SSL port on Weblogic. Added below configuration to Apache conf file. I am passing trusted.crt file inside WL_HOME/server/lib as parameter to TrustedCAFile .
    <Location "/">
    SetHandler weblogic-handler
    </Location>
    <IfModule mod_weblogic.c>
    SetHandler weblogic-handler
    WebLogicHost ServerHostMame
    WebLogicPort WLInstanceSSLPort
    SecureProxy ON
    TrustedCAFile "C:/trusted.crt"
    RequireSSLHostMatch false
    Debug ALL
    WLLogFile "C:/wl_proxy.log"
    </IfModule>
    When I start the Apache instance and try to access the webpage I see below exception in proxy log.
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.149.181.55]
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[Proxy-Client-IP]=[10.149.181.55]
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[X-Forwarded-For]=[10.149.181.55]
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[X-WebLogic-KeepAliveSecs]=[30]
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
    Thu Apr 09 10:38:05 2009 <735212392878761> INFO: No session match found
    Thu Apr 09 10:38:05 2009 <735212392878852> INFO: SSL certificate chain validation failed: 3015
    Thu Apr 09 10:38:05 2009 <735212392878852> trusted certs = 0
    Thu Apr 09 10:38:05 2009 <735212392878852> dumping cert chain
    Thu Apr 09 10:38:05 2009 <735212392878852> commonName is testmachine-us
    Thu Apr 09 10:38:05 2009 <735212392878761> INFO: DeleteSessionCallback
    Thu Apr 09 10:38:05 2009 <735212392878852> ERROR: SSLWrite failed
    Thu Apr 09 10:38:05 2009 <735212392878852> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
    Thu Apr 09 10:38:05 2009 <735212392878852> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
    Thu Apr 09 10:38:05 2009 <735212392878852> Marking 10.149.181.55:40011 as bad
    Thu Apr 09 10:38:05 2009 <735212392878852> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 790 of ../nsapi/URL.cpp]: at line 2994
    Thu Apr 09 10:38:05 2009 <735212392878852> INFO: Closing SSL context
    Thu Apr 09 10:38:05 2009 <735212392878852> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Apr 09 10:38:05 2009 <735212392878852> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Thu Apr 09 10:38:05 2009 <735212392878852> attempt #1 out of a max of 5
    Thu Apr 09 10:38:05 2009 <735212392878852> general list: trying connect to '10.149.181.55'/40011/40011 at line 2619 for '/'
    Thu Apr 09 10:38:05 2009 <735212392878852> New SSL URL: match = 0 oid = 22
    Thu Apr 09 10:38:05 2009 <735212392878852> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Apr 09 10:38:05 2009 <735212392878852> EINPROGRESS in connect() - selecting
    Thu Apr 09 10:38:05 2009 <735212392878852> Setting peerID for new SSL connection
    Please advise if I am missing anything here?
    - - Tarun

    I'm using WL9 and Apache2.2
    I had the exact same issue as above (which I solved with these directions) in addition to another issue, that only showed once I enabled full logging, since it shows as warning/info, not as error
    First to enable full logging, add this
    Debug ALL
    WLLogFile "C:/wl_proxy.log"
    Then after a failure (even after fixing the above), look at the log, and if you see this INFO/WARN:
    Thu Apr 23 00:48:27 2009 <235612404369072> INFO: Host (comp1) doesn't match (192.168.0.229), validation failed
    Thu Apr 23 00:48:27 2009 <235612404368911> WARN: DeleteSessionCallback: No match found!!
    Thu Apr 23 00:48:27 2009 <235612404369072> ERROR: SSLWrite failed
    Thu Apr 23 00:48:27 2009 <235612404369072> SEND failed (ret=-1) at 795 of file ../nsapi/URL.cpp
    Thu Apr 23 00:48:27 2009 <235612404369072> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 796 of ../nsapi/URL.cpp
    Thu Apr 23 00:48:27 2009 <235612404369072> Marking 192.168.0.229:7002 as bad
    that means you have the same problem as I do. The WebLogicHost inside the Location descriptor should match the actual host name of the machine. I believe it's easier because the certificate created by weblogic during its installation will encapsulate the machine host name, or because the SSL validation mechanism expects the machine host name, nothing else.
    Here's how the config would look (my hostname is comp1)
    <IfModule mod_weblogic.c>
    SecureProxy on
    TrustedCAFile "C:/tools/bea9/weblogic92/server/lib/CertGenCA.pem"
    Debug ALL
    WLLogFile "C:/wl_proxy.log"
    EnforceBasicConstraints off
    </IfModule>
    <Location /EnterpriseCMP>
    SetHandler     weblogic-handler
    WebLogicHost      comp1
    WebLogicPort     7002
    ConnectTimeoutSecs     1000
    ConnectRetrySecs     1000
    </Location>
    I believe the

  • Move from NON-SSL to SSL (OAS 9.0.4.1)

    We installed OAS 9.0.4.1 (two Midtier and 1 Infst).
    We have Application based on forms. We installed and configure OAS default like non-ssl and forms using port 7778. Now we need to use SSL.
    If somebody give me detail what should be done?
    Actually, what I did
    1. I stop midtier Using EM.
    2. I modified httpd.conf file changed only "Listen from 7778 to 4445" I didn't change port.
    3. Run dcmctl updateconfig -ct ohs
    4. start midtier using EM.
    I can run forms using //http:localhost:4445/forms90/f90servlet? - successfully
    but My portal is not available. Did I miss something?
    Please help. It is emergency we need to go to PROD.
    Thanks

    I started from beginning install again OAS 9.0.4 and followed instruction in
    whitepaper in the Internet deployment section titled "Oracle Forms 10g - Configuring Security with SSL ".
    Everything was going okay until the last piece: run a test form using ssl -- https
    I have error
    java.io.IOException: javax.net.ssl.SSLException: Failed set trust point in ssl context
         at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
         at oracle.jre.protocol.jar.HttpUtils.followRedirects(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
         at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
         at sun.misc.URLClassPath$2.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getResource(Unknown Source)
         at java.net.URLClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(Unknown Source)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadCode(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    WARNING: Unable to cache https://houorcl324.corp.kbr.com:4444/forms90/java/f90all_jinit.jar
    load: class oracle.forms.engine.Main not found.
    java.lang.ClassNotFoundException: java.io.IOException: javax.net.ssl.SSLException: Failed set trust point in ssl context
         at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
         at java.net.HttpURLConnection.getResponseCode(Unknown Source)
         at sun.applet.AppletClassLoader.getBytes(Unknown Source)
         at sun.applet.AppletClassLoader.access$100(Unknown Source)
         at sun.applet.AppletClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadCode(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Do I need SSL webcache too? It was not in the instructions.
    Please help.

  • Weblogic redirects to administration port, not ssl port, for confidential

    Using WLS 9.2 MP2.
    I added the following to web.xml to make sure all requests use https.
    It works fine when the administration port is not enabled (WebLogic redirects the request to the SSL port).
    But when the administration port is enabled, WebLogic redirects the request to the administration port, not the SSL port, and hence I get a 404 error for the page.
    I opened BEA case 759384 in Nov last year, and CR354916 was filed, but I have not heard back.
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>All Pages</web-resource-name>
        <description>These pages are only accessible over SSL.</description>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <user-data-constraint>
        <description>This is how the user data must be transmitted</description>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

    Setting the following in setDomainEnv solved the issue.
    set MEM_ARGS=-Xms256m -Xmx512m -XX:PermSize=128m
    Regards,
    Sam.

  • Disable Non-SSL

    Hi. After not being successful using EPG, I installed and configured HTTP Server (11.2). I also configured it to listen as SSL (port 4443). How do I disable port 7777 (default, non-secure)?
    I know there is an option in APEX Admin to require SSL, but it still keeps loading the login page. I would like to stop listening on port 7777.
    How should I do it? Besides, what is the best way to disable the EPG listening too (it is working on both configs, HTTP Server on port 4443 and EPG on port 4458; HTTP on EPG is already disabled, but how do I disable HTTPS?)?
    Thanks in advance.

    Try DBMS_XDB.SETHTTPPORT(0);
    Another good option in your app is to check the protocol, and if it's HTTP, then redirect to HTTPS. The advantage is that it silently changes to https rather than just dying.
    Something like:
    declare
      l_https varchar2(4000);
    begin
      -- dump all your gateway vars to see what's available to construct the https url
      -- owa_util.print_cgi_env
      -- REQUEST_PROTOCOL is 'HTTP' or 'HTTPS'; SERVER_PROTOCOL is only the version (HTTP/1.1) under both
      if owa_util.get_cgi_env('REQUEST_PROTOCOL') = 'HTTP'
      then
         l_https := 'https://'||
                  replace(owa_util.get_cgi_env('HTTP_HOST'), ':7777', ':4443')||  -- myhost:7777 --> myhost:4443
                  owa_util.get_cgi_env('SCRIPT_NAME')||  -- /apex
                  owa_util.get_cgi_env('PATH_INFO');     -- /f
         if owa_util.get_cgi_env('QUERY_STRING') is not null then
            l_https := l_https||'?'||owa_util.get_cgi_env('QUERY_STRING');  -- p=222:1:0:::::
         end if;
         owa_util.redirect_url(l_https, TRUE);  -- TRUE closes the header after the redirect
      end if;
    end;
    Edited by: maceyah on Mar 18, 2011 2:49 PM

  • Remote non-SSL image served from SSL site?

    I have an SSL site and I need to display images located on an external non-SSL site. When I do this using a standard graphicImage tag and URL=http://whatever, IE throws a warning every time the page is displayed saying the page has secure and non-secure content. I need to avoid this somehow. Is there a way to have the image pulled to the server and then served over SSL? Surely this is a common problem!
    I really appreciate any help!
    Jeff

    You cannot suppress this warning without changing the browser's default settings.
    Serve the images through SSL, preferably from the same server. You could also create a servlet for this which gets the images from the other non-SSL server via URLConnection.
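A relay servlet of the kind the answer suggests, as an added example and not code from the thread; the class name, the request parameters host and path, and the allowlisted host images.example.com are assumptions. The allowlist and the no-redirect setting are what keep it from becoming an open proxy.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// Hypothetical relay servlet: fetches an image from an external non-SSL host and
// returns it to the browser over this site's own SSL connection, so the page has
// no mixed content. Only hosts in ALLOWED_HOSTS are fetched; relaying arbitrary
// URLs would turn the servlet into an open proxy into the internal network.
public class ImageRelayServlet extends HttpServlet {
    // Constructed allowlist for the example; replace with the real image hosts.
    static final Set<String> ALLOWED_HOSTS = Set.of("images.example.com");
    static final long MAX_BYTES = 5L * 1024 * 1024;

    // Builds the http:// URL for an allowed host and an absolute path, else null.
    static URL resolve(String host, String path) {
        if (host == null || !ALLOWED_HOSTS.contains(host)) return null;
        if (path == null || !path.startsWith("/")) return null;
        try { return new URL("http", host, path); } catch (IOException e) { return null; }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        URL target = resolve(req.getParameter("host"), req.getParameter("path"));
        if (target == null) { resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }
        HttpURLConnection conn = (HttpURLConnection) target.openConnection();
        conn.setInstanceFollowRedirects(false); // a redirect could leave the allowlist
        conn.setConnectTimeout(3000);
        conn.setReadTimeout(5000);
        String type = conn.getContentType();
        boolean ok = conn.getResponseCode() == HttpURLConnection.HTTP_OK
                && type != null && type.startsWith("image/")
                && conn.getContentLengthLong() <= MAX_BYTES;
        if (!ok) { resp.sendError(HttpServletResponse.SC_BAD_GATEWAY); return; }
        resp.setContentType(type);                       // pass through only the image type
        resp.setHeader("X-Content-Type-Options", "nosniff");
        try (InputStream in = conn.getInputStream(); OutputStream out = resp.getOutputStream()) {
            byte[] buf = new byte[8192];
            long total = 0; int n;
            while ((n = in.read(buf)) > 0 && (total += n) <= MAX_BYTES) {
                out.write(buf, 0, n);
            }
        }
    }
}
```

The page then references the image as https://yoursite/relay?host=images.example.com&path=/logo.png, so the browser only ever sees SSL content.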
