Default usage of ssl

Similar Messages

• Problems with Netscape, Mozilla in WebServer6SP3 usage acelerador/SSL ct100

  Hi my name is Jesus Delgado from Mexico city:
  I have problems when usage webserver 6 sp3 with acelerator SSL ct100, the problem is when display in browser page recive code in Netscape, Mozilla both in browser InternetExplored display page good.
  Helpme please.
  Regards

  1: My first inclination is that this is a non-issue. The vulnerability you are concerned with 'SSL Server Allows Anonymous Authentication Vulnerability port 311/tcp over SSL' is for port 311, a port that is not normally set to allow access to the internet. So any vulnerability/data leak would be from internal.
  2: That port is for access from Server Admin.app. Yes, the port is held open and connectivity via any access (such as telnet localhost 311) does connect, there is no data/information leakage that I could cause. That port does not respond to standard queries such as help, info, ? et al. I would suspect it would have to be a crafted xml/soap or somesuch conversation before anything could potentially leak.
  3: Assuming that access to this data needs to be the same as what happens when one uses Server Admin.app, the data probably could be considered secure as in order to view or modify any data, you must know a valid user id and password and that user must be authorized as an administrator (or monitor) account before the Server Admin.app will allow control.
  If you are still concerned, you could submit this as a bug to https://bugreport.apple.com/ . Be aware you must be an ADC member to submit bugs.
  Peter

• Default Usage Decision Code

  Hi Gurus,
  My client requirement is that in usage decision code field they should have A Accept code as default UD code but it must be changeable whenever required.Is it possible to set through SU01 via parameter ID,if so which parameter should we select..
  Or is there any other way in doing it.
  Regards
  Ram

  Hi Ram,
               You can use Automatic UD Facility for it as if all correctristic are OK Then System will do automatic UD and Approved it & If there is any rejection then User has to do Manual Stock posting and UD.
  You can plan for Auto UD using QA17 after doing necessary settings in QM Inspection data of material master & Plant level QM settings in Customising.
  For Auto UD to happen, The inspection lots must meet the following conditions:
  o All characteristics have been completed
  o None of the characteristics have been rejected
  o No defects have been recorded, or quality notifications created
  o The waiting time set in Customizing must have elapsed.
  Hope this will help you
  Regards

• ACE SSL Sticky class-map generic vs class default differences.

  There was a thread recently titled "ACE 3.0(0) SW / LB with SSL Session-ID" where Giles Dufour outlined a configuration for an ACE performing sticky based on SSL Session ID.
  Can anyone explain the benefits and differences of using a specific class-map generic such as this:
  class-map type generic match-any SSL-v3-32
    2 match layer4-payload regex "\x16\x03\x00..\x01.*"
    3 match layer4-payload regex "\x16\x03\x01..\x01.*"
  Versus just matching class default?
  So if I have a configuration such as this:
  policy-map type loadbalance generic first-match SSL-v3-Sticky
  class SSL-v3-32
     sticky-serverfarm ssl-v3
  vs
  policy-map type loadbalance generic first-match SSL-v3-Sticky
  class class-default
     sticky-serverfarm ssl-v3
  What's the benefit or drawback?

  The SSL session id is only available in version 3.0.1 and 3.1.1
  So you can match this particular version and then attempt to do stickyness.
  You are guaranteed to find what you're looking for.
  If you match a class-default it means you apply stickyness to any version of ssl packet.
  So there is a risk to misinterpret the content of the packet and stick on something else than the session id.
  Gilles.

• Cisco IOS SSL VPN Not Working - Internet Explorer

  Hi All,
  I seem to be having a strange SSL VPN issue.  I have a Cisco 877 router with c870-advsecurityk9-mz.124-24.T4.bin and I cannot get the SSL VPN (Web VPN) working with Internet Explorer (tried both IE8 on XP and IE9 on Windows 7).  Whenever I browse to https://x.x.x.x, I get "Internet Explorer Cannot Display The Webpage".  It sort of works with Chrome (I can get the webpage and login, but I can't start the thin client, when I click on Start, nothing happens).  It only seems to work with Firefox.  It seems quite similar to this issue with the ASAs - http://www.infoworld.com/d/applications/cisco-asa-users-cant-use-ssl-vpns-ie-8-901
  Below is the config snippet:
  username vpntest password XXXXX
  aaa authentication login default local
  crypto pki trustpoint TP-self-signed-1873082433
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1873082433
  revocation-check none
  rsakeypair TP-self-signed-1873082433
  crypto pki certificate chain TP-self-signed-1873082433
  certificate self-signed 01
  --- omitted ---
          quit
  webvpn gateway SSLVPN
  hostname Router
  ip address X.X.X.X port 443 
  ssl encryption aes-sha1
  ssl trustpoint TP-self-signed-1873082433
  inservice
  webvpn context SSLVPN
  title "Blah Blah"
  ssl authenticate verify all
  login-message "Enter the magic words..."
  port-forward "PortForwardList"
     local-port 33389 remote-server "10.0.1.3" remote-port 3389 description "RDP"
  policy group SSL-Policy
     port-forward "PortForwardList" auto-download
  default-group-policy SSL-Policy
  gateway SSLVPN
  max-users 3
  inservice
  I've tried:
  *Enabling SSL 2.0 in IE
  *Adding the site to the Trusted Sites in IE
  *Adding it to the list of sites allowed to use Cookies
  At a loss to figure this out.  Has anyone else come across this before?  Considering the Cisco website itself shows an example using IE (http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a008072aa61.shtml), surely it should work in IE you'd think?
  Thanks

  Hi,
  I would check where exactly it is failing, either in the ssl connection itself or something after that. The best way to do that is run a wireshark capture when you try to access the page using IE. You can compare this with the one with Mozilla too just to confirm the ssl is working fine.
  Also can you try with different SSL ciphers as one difference between browsers is the ciphers they use. 3des should be a good option to try.

• Configuring httpd-ssl.conf on Leopard and Apache 2.2.6

  Hi everybody,
  I recently migrated to Leopard from Tiger 10.4.10. On my Tiger client I had installed my own web server using mod_ssl with Apache 1.3 server. On Leopard, apache 2.2.6 and OpenSSL 0.9.7 are now installed and configurations files have changed.
  Since two weeks, I'm trying to install mod_ssl without success on my machine. Thereafter, I will show only what's relevant from two configuration files :
  First -> Httpd.conf (which is in /etc/apache2/)
  #My port 80 is blocked by my isp
  Listen 8080
  <IfDefine SSL>
  LoadModule ssl_module libexec/apache2/mod_ssl.so
  </IfDefine SSL>
  LoadModule php5_module /usr/local/php5/libphp5.so
  User www
  Group www
  </IfModule>
  <IfModule mod_ssl.c>
  Listen 8080
  Listen 8083
  </IfModule>
  DocumentRoot "/Library/WebServer/Documents"
  <IfModule dir_module>
  DirectoryIndex index.htm lndex.php index.htm default.html
  </IfModule>
  ErrorLog /private/var/log/apache2/error_log
  # Virtual hosts
  #Include /private/etc/apache2/extra/httpd-vhosts.conf
  # Local access to the Apache HTTP Server Manual
  Include /private/etc/apache2/extra/httpd-manual.conf
  # Distributed authoring and versioning (WebDAV)
  #Include /private/etc/apache2/extra/httpd-dav.conf
  # Various default settings
  #Include /private/etc/apache2/extra/httpd-default.conf
  # Secure (SSL/TLS) connections
  #Include /private/etc/apache2/extra/httpd-ssl.conf
  <IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>
  AddType application/x-httpd-php .php
  AddType application/x-httpd-php-source .phps
  DirectoryIndex index.html index.php
  </IfModule>
  #Include /private/etc/apache2/other/*.conf
  # end of httpd.conf
  Second ->httpd-ssl.conf (which is in /etc/apache2/extra/)( I elided personnal information)
  <IfModule mod_ssl.c>
  listen 8080
  listen 8083
  </IfModule>
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl .crl
  SSLPassPhraseDialog builtin
  #SSLSessionCache "dbm:/private/var/run/ssl_scache"
  SSLSessionCache "shmcb:/private/var/run/ssl_scache(512000)"
  SSLSessionCacheTimeout 300
  SSLMutex "file:/private/var/run/ssl_mutex"
  <VirtualHost default:8080>
  #Just to keep things sane...
  DocumentRoot "/Library/WebServer/Documents"
  ServerName myadress.com
  ServerAdmin [email protected]
  SSLEngine off
  </VirtualHost>
  <VirtualHost default:8083>
  # General setup for the virtual host
  DocumentRoot "/Library/WebServer/Documents"
  ServerName myadress.com
  ServerAdmin [email protected]
  ErrorLog "/private/var/log/apache2/error_log"
  TransferLog "/private/var/log/apache2/access_log"
  # SSL Engine Switch:
  # Enable/Disable SSL for this virtual host.
  SSLEngine on
  # SSL Cipher Suite:
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:eNULL
  # Server Certificate:
  SSLCertificateFile "/private/etc/apache2/ssl.key/server.crt"
  #SSLCertificateFile "/private/etc/apache2/server-dsa.crt"
  # Server Private Key:
  SSLCertificateFile "/private/etc/apache2/ssl.key/server.key"
  #SSLCertificateKeyFile "/private/etc/apache2/server-dsa.key"
  # Server Certificate Chain:
  #SSLCertificateChainFile "/private/etc/apache2/server-ca.crt"
  # Certificate Authority (CA):
  #SSLCACertificatePath "/private/etc/apache2/ssl.crt"
  SSLCACertificatePath "/private/etc/apache2/ssl.key/"
  #SSLCACertificateFile "/private/etc/apache2/ssl.crt/ca-bundle.crt"
  # Certificate Revocation Lists (CRL):
  #SSLCARevocationPath "/private/etc/apache2/ssl.crl"
  #SSLCARevocationFile "/private/etc/apache2/ssl.crl/ca-bundle.crl"
  # Client Authentication (Type):
  #SSLVerifyClient require
  #SSLVerifyDepth 10
  # Access Control:
  #<Location />
  #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
  # and %{SSLCLIENT_S_DNO} eq "Snake Oil, Ltd." \
  # and %{SSLCLIENT_S_DNOU} in {"Staff", "CA", "Dev"} \
  # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
  # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
  # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
  #</Location>
  # SSL Engine Options:
  #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  <FilesMatch "\.(cgi|shtml|phtml|php)$">
  SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory "/Library/WebServer/CGI-Executables">
  SSLOptions +StdEnvVars
  </Directory>
  # SSL Protocol Adjustments:
  BrowserMatch ".MSIE." \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
  # Per-Server Logging:
  CustomLog "/private/var/log/apache2/sslrequestlog" \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  </VirtualHost>
  ### end of httpd-ssl.conf
  When I uncomment this line in httpd.conf :
  LoadModule ssl_module libexec/apache2/mod_ssl.so
  and try to send the 'apachectl start' command in terminal nothing happens. Apache seems to hang and
  no "Apache/2.2.6 (Unix) DAV/2 PHP/5.2.5 configured -- resuming normal operations" in my console log. Of course, nothing in my error_log.
  I've read somewhere else that there would be a bug in 9.7 version of modssl and that we should install 9.8 version. Could anybody confirm this ?
  Is there somebody here who succeeded installing ssl on apache 2.2.6 and Leopard 10.5.1 ?
  Thanks for helping me
  Regards

  You need the latest plugin.
  Get it from at least 6.1 SP4.
  Eric
  "Michael Congdon" <[email protected]> wrote in message
  news:[email protected]..
  >
  I am having the exact same problem with Apache 2.0.40 on Solaris 2.7 andWebLogic
  6.1 SP 1.
  Please let me know if you get any help. I don't know of anyone who hassuccessfully
  used Apache 2.0 w/WebLogic.
  "Yanjing Liu" <[email protected]> wrote:
  I tried to use apache plug-in to forward request to a wls6.1sp1 on
  Win2000.
  >>
  So I installed Apache 2.0.40 running on Solaris 8 and simply copymod_wl.so
  from
  WL_HOME\lib\Solaris to APATHE_HOME/libexec. A few lines has been added
  to my httpd.conf,
  which are:
  LoadModule weblogic_module libexec/mod_wl.so
  <IfModule mod_weblogic.c>
  WebLogicHost myweblogicserver.com WebLogicPort 7001
  </IfModule>
  <Location /weblogic>
  SetHandler weblogic-handler
  </Location>
  When I verify the syntax of the httpd.conf file with the followingcommand:
  >>
  /export/home/apache2/bin/apachectl configtest
  Here are the errors I got:
  Cannot load /export/home/apache2/libexec/mod_wl_20.so into server:ld.so.1
  >>
  /export/home/apache2/bin/httpd:fatal: relocation error:file
  /export/home/apache2/libexec/mod_wl_20.so: symbol apr_pool_create:referenced
  symbol not found.
  Has anyone expereinced a similiar problem?
  Thanks,
  Yanjing

• Web.xml, struts and ssl

  Hi there,
  on our projects web pages we use struts, to combine the html of our pages with the java code behind. To enable SSL I added a security constraint to the web.xml:
       <security-constraint>
            <display-name>SSL Constraint</display-name>
            <web-resource-collection>
                 <web-resource-name>secured login resource</web-resource-name>
                 <description></description>
                 <url-pattern>/index.html</url-pattern>
                 <url-pattern>*.do</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>PUT</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <description></description>
                 <role-name>authenticatedUser</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint> Some of our web pages need to use no SSL. So I added (for first testing) a second security constraint to the web.xml and defined which pages should be without SSL:
       <security-constraint>
            <display-name>No-SSL Constraint</display-name>
            <web-resource-collection>
                 <web-resource-name>businesstransaction resource</web-resource-name>
                 <description></description>
                 <url-pattern>*.go</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>PUT</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <description></description>
                 <role-name>authenticatedUser</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
       </security-constraint>As you can see, I exchanged *.do with *.go for testing. I simply defined all actions I want to be used without SSL with a .go instead of a .do in the struts.config.
  In principle it works, but there is a problem: The default behaviour for struts seems to be that the name of the new action is posted in the url at the end of the standard starting url.
  Our url starts with https://localhost:9443/client-web/, and whatever action I start, this url text in the browser window never changes, regardless of wether the next action would be protected or not.
  First I thought my url pattern would be wrong, or the user or whatever. But then I found out, that when changing the url in the browser window by hand to http://localhost:9080/client-web/ it works. The web page then is without SSL active. And when I manually change the url while viewing a page that is meant to be SSL protected, the browser automatically changes to the SSL adress.
  But then again, moving to a page without SSL does not enforce the browser to change its adress to the no SSL String. So again, SSL is active though a non secure access would be allowed.
  Anybody has any idea how to change this default behaviour? It would be important to not only tell the server that non secure would be ok, but to actually USE non secure connection automatically.
  The internet explorer is not able to upload files in SSL mode (though any other browser is able to), and our customer insists on using IE. And to tell the users "oh, just edit the line there in the window manually and reload the page will help ... or use Firefox" will not be a suitable solution.
  Regards, Rommie.

  There is a plugin called sslext which will do most of what you need.
  http://sslext.sourceforge.net/
  I think the last time I used it I made some changes to the plugin source so that I could force non-ssl to be the default behavour unless SSL was explictily stated in struts.config, but can't remember for sure. Bottom line is it will do most of what you need and can probably be modified to do the rest without too much trouble.

• POA IMAP and enabling SSL

  I would like to enable SSL to allow external users (mostly users using PDA's, cell phones, etc) to connect to our POA using IMAP. Of course I want to enable SSL for IMAP connections as otherwise it would pass their credentials in plain text.
  I have IMAP running without SSL on port 143 just fine. However, I'm unable to get IMAP to listen on 993 for SSL. I've tried enabling the option using the POA object via ConsoleOne. I've also tried enabling it using the switches in the .POA startup file and neither seems to work.
  I've exported the certificate using the self signed server certificate object in ConsoleOne and pointed the POA object to the certificate in the POA object configuration options and still nothing.
  In the log/settings for the POA I still see...
  Internet Protocol Agent Settings:
  IMAP Agent: Enabled
  IMAP Port for Incoming IMAP requests: 143 (Default)
  IMAP over SSL: Disabled
  Any help is appreciated.
  Thanks,
  Walter Keener
  Network Administrator
  Grandville Public Schools

  OK, I'm making progress. I followed your/Novell's instructions for the CSR to create the certificate and key file and IMAP via SSL appears to be up and running...
  16:59:10 1FB Internet Protocol Agent Settings:
  16:59:10 1FB IMAP Agent: Enabled
  16:59:10 1FB IMAP Port for Incoming IMAP requests: 143 (Default)
  16:59:10 1FB IMAP over SSL: Enabled
  16:59:10 1FB IMAP SSL Agent: Enabled
  16:59:10 1FB IMAP SSL Port for Incoming IMAP requests: 993 (Default)
  However, when I try to connect to IMAP on port 993 via SSL I receive a connection error on the client side. On the POA side I see this message in he log file...
  17:01:32 330 New IMAP session initiated from 10.51.10.88
  17:01:32 330 *** NEW PHYS. CONNECTION, Tbl Entry=5, Socket=235
  17:01:32 330 Return from IMAP [890F]
  17:01:32 330 *** PHYSICAL PORT DISCONNECTED, Tbl Entry=5, Socket=235
  Thanks again for any help you can provide.
  Walter Keener
  Network Administrator
  Grandville Public Schools

• Inspection task list usage is not picking automatically?

  Hi all,
  whenever I create inspection lot for source inspection (for PO) through Qi07, in the inspection lot, task usage assigned as a 6(goods issue), but i will assign 3 (universal) later on for the source inspection ( with respect to PO)in qa32 & later on i will proceed. But i want the system to assign the  3 (task list usage) automatically for all the inspection lots, how to enable the same?
  regards,
  Sanju

  Hi
  In the SPRO setting for inspection type, you can assign default usage. I am not having system access right now, so cant give you exact path. But approx. QCC0--insp lot creation-maintain insp type/default values for inspection type.
  Try if this solves your issue.

• SSL connections

  Hi,
  If I want to make an SSL connection using JSSE from within WebLogic to another JSSE based Java application on a remote machine, how would I make this work without turning WebLogic's SSL property off?
  It seems that WebLogic's SSL libraries get invoked whenever SSL connections from within WebLogic occur, which throws exceptions and prevents further communications with a remote JSSE based Java application.
  Anyone know if this problem is resolved in service packs of v5.1 or the latest version (6.1)? Thanks!

  Hi Solomon,
  The property to turn off the weblogic's SSL Handler is
  weblogic.security.SSLHandler.enable=false
  -- SunnyNani
  "Solomon" <[email protected]> wrote in message
  news:[email protected]..
  >
  Hi Sunny,
  I am also facing a similar problem. I want to enable SSL and use JSSE toconnect
  to another SSL application.
  As you mentioned how can I disable Weblogic SSL Protocol Handler ? Is itby making
  the property
  "weblogic.security.ssl.enable" false or is there someother way?
  If I make this property false then I cannot use weblogic on SSL !
  Please advice.
  Thanks,
  Solomon
  "Sunnynani \([email protected]\)" <[email protected]> wrote:
  Yang,
  By default, weblogic's SSL handler is enabled and gets invoked. In order
  to
  use JSSE or any third-party package, you have to disable it.
  -- SunnyNani.
  "Yichong Yang" <[email protected]> wrote in message
  news:[email protected]..
  Hi,
  If I want to make an SSL connection using JSSE from within WebLogicto
  another JSSE based Java application on a remote machine, how would I
  make
  this work without turning WebLogic's SSL property off?
  It seems that WebLogic's SSL libraries get invoked whenever SSLconnections from within WebLogic occur, which throws exceptions and
  prevents
  further communications with a remote JSSE based Java application.
  Anyone know if this problem is resolved in service packs of v5.1 orthe
  latest version (6.1)? Thanks!

• ID, IR error when try to login (JNDI error) during SSL configuration

  I'm in the process to configure SSL on SAP J2EE Engine. I'm following the document of SAP library and "Enabling SSL and client certificates on SAP J2EE Engine" by Angel Dichev of RIG, SAP Labs.
  I deployed the SAP Java Cryptographic Toolkit and update the unlimited strength jurisdiction policy files.
  As per document, I changed the default setting from SSL provider service for the Dispatcher from manual start to always start.
  After this step, I have problems to log in IR and ID ( SLD and RWB are working), getting the follow errors ( after click on ID or IR, got the login screen for user/pwd and after entering getting the error):
  "Unable to map from JNDI delivered class com.sap.engine.services.jndi.persistent.UnsatisfiedReferenceImpl to class com.sap.aii.ib.sbeans.login.LoginServiceHome registered during login service"
  Any solution of this problem?
  Regards
  Amar

  Thanks Ravi
  I created the certificate and then it work for one day. Today morning, i received the certificate request response from SAP trust centre and imported into our server.
  I have inported into Key storage of visual admin as per guide. Is there any other place to check it?
  Again logon to IB fail with the same error.
  Any idea?
  Regards
  Amar

• Problem while installing Usage Tracking in OBIEE 10g

  Hi all,
  I am installing usage tracking in OBIEE for that created a database called usertracking using the sample tables provided in OBIEE 10g. everything is fine, but while configuring the NQSConfig.INI (like, PHYSICAL_TABLE_NAME   = "usertracking"."dbo"."S_NQ_ACCT" ; where usertracking is the database ) file I am getting the error called : Error 1067 : The process terminated unexpectedly.
  Please help me by your precious suggestions.
  Thanking you,
  Jagadeesha
  Edited by: Jagadeesh on Apr 15, 2012 9:55 PM

  Hi,
  Just keep it only below
  PHYSICAL_TABLE_NAME = "usertracking"."dbo"."S_NQ_ACCT" ;
  for example oracle default usage tracking setting in NQSconfig.ini file
  PHYSICAL_TABLE_NAME = "OBI Usage Tracking"."Catalog"."dbo"."S_NQ_ACCT";
  CONNECTION_POOL = "OBI Usage Tracking"."Usage Tracking Writer Connection Pool" ;
  For more info refer :
  http://obiee101.blogspot.com/2008/08/obiee-setting-up-usage-tracking.html
  http://www.obieetalk.com/obiee11g-setting-usage-tracking
  http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/bi/biee/r1013/usage_tracking/usage_tracking.htm
  http://oraclebizint.wordpress.com/2007/08/14/usage-tracking-in-obi-ee/
  Thanks
  Deva

• ORA-09100 specified length too long for its datatype with Usage Tracking.

  Hello Everyone,
  I'm getting an (ORA-09100 specified length too long for its datatype) (a sample error is provided below) when viewing the "Long-Running Queries" from the default Usage Tracking Dashboard. I've isolated the problem to the logical column "Logical SQL" corresponding to the physical column "QUERY_TEXT" in the table S_NQ_ACCT. Everything else is working correctly. The logical column "Logical SQL" is configured as a VARCHAR of length 1024 and the physical column "QUERY_TEXT" is configured as a VARCHAR2 of length 1024 bytes in an Oracle 11g database. Both are the default configurations and were not changed.
  In the the table S_NQ_ACCT we do have record entries in the field "QUERY_TEXT" that are of length 1024 characters. I've tried various configuration such as increasing the the number of bytes or removing any special character but without any sucess. Currently, my only possible workaround is reducing the "Query_Text" data entries to roughly 700 characters. This makes the error go away. Additional point my character set to WE8ISO8859P15.
  - Any suggestions?
  - Has anyone else ever had this problem?
  - Is this potentially an issue with the ODBC drive? If so, why would ODBC not truncate the field length?
  - What is the maximum length supported by BI, ODBC?
  Thanks in advance for everyones help.
  Regards,
  FBELL
  *******************************Error Message**************************************************
  View Display Error
  Odbc driver returned an error (SQLExecDirectW).
  Error Details
  Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P
  State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 17001] Oracle Error code: 910, message: ORA-00910: specified length too long for its datatype at OCI call OCIStmtExecute: select distinct T38187.QUERY_TEXT as c1 from S_NQ_ACCT T38187 order by c1. [nQSError: 17011] SQL statement execution failed. (HY000)
  SQL Issued: SELECT Topic."Logical SQL" saw_0 FROM "Usage Tracking" ORDER BY saw_0
  *******************************************************************************************

  I beleieve I have found the issue for at least one report.
  We have views in our production environment that call materialized views on another database via db link. They are generated nightly to reduce load for day-old reporting purposes on the Production server.
  I have found that the report in question uses a view with PRODUCT_DESCRIPTION. In the remote database, this is a VARCHAR2(1995 Bytes) column. However, when we create a view in our Production environment that simply calls this materialized view, it moves the length to VARCHAR2(4000).
  The oddest thing is that the longest string stored in the MV for that column is 71 characters long.
  I may be missing something here.... But the view that Discoverer created on the APPS side also has a column length for the PRODUCT_DESCRIPTION column of VARCHAR2(4000) and running the report manually returns results less than that - is this a possible bug?

• Move from NON-SSL to SSL (OAS 9.0.4.1)

  We installed OAS 9.0.4.1 (two Midtier and 1 Infst).
  We have Application based on forms. We installed and configure OAS default like non-ssl and forms using port 7778. Now we need to use SSL.
  If somebody give me detail what should be done?
  Actually, what I did
  1. I stop midtier Using EM.
  2. I modified httpd.conf file changed only "Listen from 7778 to 4445" I didn't change port.
  3. Run dcmctl updateconfig -ct ohs
  4. start midtier using EM.
  I can run forms using //http:localhost:4445/forms90/f90servlet? -succesufully
  but My portal is not available. Did I miss something?
  Please help. It is emergency we need to go to PROD.
  Thanks

  I started from beginning install again OAS 9.0.4 and followed instruction in
  whitepaper in the Internet deployment section titled "Oracle Forms 10g - Configuring Security with SSL ".
  Everything was goung okay until last peice run test form using ssl -- https
  I have error
  java.io.IOException: javax.net.ssl.SSLException: Failed set trust point in ssl context
       at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(Unknown Source)
       at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
       at sun.net.www.http.HttpClient.openServer(Unknown Source)
       at sun.net.www.http.HttpClient.openServer(Unknown Source)
       at sun.net.www.http.HttpClient.<init>(Unknown Source)
       at sun.net.www.http.HttpClient.<init>(Unknown Source)
       at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
       at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
       at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
       at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
       at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
       at oracle.jre.protocol.jar.HttpUtils.followRedirects(Unknown Source)
       at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
       at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
       at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
       at oracle.jre.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
       at oracle.jre.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
       at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
       at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
       at sun.misc.URLClassPath$2.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.misc.URLClassPath.getLoader(Unknown Source)
       at sun.misc.URLClassPath.getLoader(Unknown Source)
       at sun.misc.URLClassPath.getResource(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(Unknown Source)
       at sun.applet.AppletClassLoader.findClass(Unknown Source)
       at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.applet.AppletClassLoader.loadCode(Unknown Source)
       at sun.applet.AppletPanel.createApplet(Unknown Source)
       at sun.plugin.AppletViewer.createApplet(Unknown Source)
       at sun.applet.AppletPanel.runLoader(Unknown Source)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  WARNING: Unable to cache https://houorcl324.corp.kbr.com:4444/forms90/java/f90all_jinit.jar
  load: class oracle.forms.engine.Main not found.
  java.lang.ClassNotFoundException: java.io.IOException: javax.net.ssl.SSLException: Failed set trust point in ssl context
       at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(Unknown Source)
       at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
       at sun.net.www.http.HttpClient.openServer(Unknown Source)
       at sun.net.www.http.HttpClient.openServer(Unknown Source)
       at sun.net.www.http.HttpClient.<init>(Unknown Source)
       at sun.net.www.http.HttpClient.<init>(Unknown Source)
       at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
       at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
       at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
       at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
       at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
       at java.net.HttpURLConnection.getResponseCode(Unknown Source)
       at sun.applet.AppletClassLoader.getBytes(Unknown Source)
       at sun.applet.AppletClassLoader.access$100(Unknown Source)
       at sun.applet.AppletClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.applet.AppletClassLoader.findClass(Unknown Source)
       at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.applet.AppletClassLoader.loadCode(Unknown Source)
       at sun.applet.AppletPanel.createApplet(Unknown Source)
       at sun.plugin.AppletViewer.createApplet(Unknown Source)
       at sun.applet.AppletPanel.runLoader(Unknown Source)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Do I need SSL webcache too? It was not in instruction
  please help

• SSL Config on Tomcat

  Hi Experts:
  My Apache+SSL is working now - thanks to you all. I checked it using https://www.hari.com.
  However, I have a small Application which contains JSP+Servlets which calls Oracle DB via JDBC. This application is working fine when I type http://www.hari.com:8080/hari/index.jsp but when I try HTTPS as https://www.hari.com:8080/hari/index.jsp it does'nt work - ie page does'nt shows up.
  I know that HTTPS listens to port 443 and my Application(Tomcat+JBoss) listens to port 8080 - so how do I integrate both the ports to work together? Any useful information on above is appreciated.
  THANKS!
  HARI

  Hi
  I guess that you haven't changed the pot that Tomcat listens for SSL connections.If not the default port for SSL is 8443 for Tomcat. SO if you want your application to run via SSL you must use s.g like https://localhost:8443/......
  if u use 8080 it won't run. The connection to the database should be again to the 8080 port, but the servlet should listen to 8443 for SSL. Check the port in the server.xml file