Enable SSL over iWS4.1SP7 & iAS 6.0SP2

Hi,
I am running iPlanet Web Server (WS4.1SP7) with two instances running, with one instance running in "Encryption" mode for SSL access.
Both instances access the same WAR modules in iPlanet Application Server (iAS6SP2).
I have successfully installed the SSL cert in the iWS encrypted instance.
However, SSL access was available across the whole site, we want the Login module (login.war) with SSL enabled only.
I have enabled "secure session" for the login.war Web Application module. However iWS won't automatically switch to SSL mode.
So far I only came up with this solution:
Set-up URL prefixes (https://mysite/) in iWS with /NASApp/login/ so that all access to http://mysite/NASApp/login will redirect to https://mysite/NASApp/login
(I don't think this is a good idea as the whole site still has SSL enabled, i.e. https://mysite/index.html)
What are the correct steps to configure SSL access (directory level) in iWS and iAS?
Are there any documents to follow?
Thanks,
Kasnol Abrinski

I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled), it calls the SSO module on port 7777 using http (the default behaviour),
on a URL that looks like this:
http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
and gives the error:
(Forbidden
You don't have permission to access /sso/auth on this server at port 7777)
when I manually change the URL to :
https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
the SSO works correctly.
The question is :
How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
Any ideas ?
Thanks in advance

Similar Messages

  • Getting error when trying to enable ssl over pop3

    We are using SunOne Messaging Server v5.2 on Solaris 9
    We followed the below steps:
    1. Create a trust database password for "Internal (Software) Token"
    2. Obtain a certificate
    3. Install the certificate along with CA certificate.
    4. The certificate is installed with the name "Server_Cert" and is shown as trusted in the "Certificate Management"
    5. configured ssl over pop3 using configutil
    6. stop and start the services.
    The Configutil changes made are as below:
    nsserversecurity = on
    encryption.rsa.nssslactivation = on
    encryption.rsa.nssslpersonalityssl = Server_Cert
    encryption.rsa.nsssltoken = "Internal (Software)"
    service.pop.enablesslport = yes
    service.pop.sslport = 995
    We saved the below in the sslpassword.conf:
    Internal (Software) Token:mypassword
    After restarting the services, pop3 over ssl is not working. We also checked "netstat -an -P tcp | grep 995" and it shows nothing.
    The logs are showing the below error:
    "[22/Apr/2006:15:46:58 -0300] mail popd[26352]: General Error: SSL initialization error: Didn't find certificate Server_Cert (-8157)"
    Please advise a solution for the same. I am unable to figure out the problem.
    Your help will be highly appreciated.
    Regards
    Ehab

    Hi,
    have you checked whether the cert is in the certsdb using certutil?
    thanks
    ndrb

  • Failed to use LDAP over SSL MUTUAL AUTHENTICATION with some Directory enable SSL.

    In iPlanet Web Server, Enterprise Edition Administration's guide, chapter 5: secure your web server - Using SSL and TLS protocol specifying that the Administrator server can communicate LDAP over SSL with some Directory enable SSL.
    Is there any way to configure iplanet Administration server to talk ldap/ssl in mutual authentication mode with some directory?

    Hi,
    Sorry, I could not understand what you are trying to do with iWS.
    Could you please briefly explain your question, so that I can help you.
    Regards,
    Dakshin.
    Developer Technical Support
    Sun Microsystems
    http://www.sun.com/developers/support.

  • Enable HTTP Over SSL: New documentation

    Hi,
    Fyi, a new article has been published in the CQ5.5 documentation:
    Enabling HTTP Over SSL
    hope that helps 
    scott

    Enable ssl for HTTP
    In the administration guide, you should find this.
    You have to modify ssl.conf to enable ssl; as well, in the opmn.xml there is an option to enable ssl. But to be more accurate, check the guide.
    http://download.oracle.com/docs/cd/B14099_19/core.1012/b13995/sslmid.htm#CHDDGBGF

  • Enabling SSL for Oracle Enterprise Manager 10.1.3.1 is Failing!!!

    Hi All,
    I have followed the steps described in
    http://download-uk.oracle.com/docs/cd/B31017_01//core.1013/b28940/em_app.htm#BABCEEAH.
    However when I am trying to start the application server using 'opmnctl startall' the server is not starting and some timeout is getting generated in the log file.
    Is it that enabling SSL will only make the EM console secured? Then how to enable SSL for other soa components like - BPEL,ESB,OWSM? Are there any documentations available?
    Also please let me know how can I enable SSL for Oracle Application server console?
    Please any advice will be appreciated. I am in the middle of a project delivery.
    Thanks

    Hi,
    Let me first highlight the installation that I have done. I have installed SOA components with 'basic installation' mode.
    The log file under <ORACLE_SOA_HOME>/opmn/config/ has generated the following stack:-
    08/07/25 11:03:34 Start process
    08/07/25 11:03:37 WARNING: XMLApplicationServerConfig.overwriteSiteConfigPort Port assignment is ignored: web-site not found in the server OC4JServiceInfo id: default-web-site protocol: http hostname: null port: 8890 description: null
    08/07/25 11:03:37 WARNING: XMLApplicationServerConfig.overwriteSiteConfigPort Port assignment is ignored: web-site not found in the server OC4JServiceInfo id: secure-web-site protocol: https hostname: null port: 1156 description: null
    08/07/25 11:03:47 log4j:WARN No appenders could be found for logger (wsif).
    08/07/25 11:03:47 log4j:WARN Please initialize the log4j system properly.
    08/07/25 11:03:53 WARNING: OC4J Service: ascontrol-web-site with protocol: https and port: 1156 was not declared in opmn.xml
    08/07/25 11:03:53 Oracle Containers for J2EE 10g (10.1.3.1.0) initialized
    08/07/25 11:03:53 WARNING: OC4J will not send ONS ProcReadyPort messages to opmn for service: OC4JServiceInfo id: default-web-site protocol: http hostname: null port: 8890 description: null
    08/07/25 11:03:53 default-web-site hostname was null
    08/07/25 11:03:53 WARNING: OC4J will not send ONS ProcReadyPort messages to opmn for service: OC4JServiceInfo id: secure-web-site protocol: https hostname: null port: 1156 description: null
    08/07/25 11:03:53 secure-web-site hostname was null
    On the command prompt I am getting the following error:-
    opmn id=CALTP8BB32:6203
    0 of 1 processes started.
    ias-instance id=home.CALTP8BB32.cts.com
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ias-component/process-type/process-set:
    default_group/home/default_group/
    Error
    --> Process (index=1,uid=301928631,pid=2944)
    failed to start a managed process after the maximum retry limit
    Log:
    D:\product\SOASuite\opmn\logs\\default_group~home~default_group~1.log
    --------------------------------------------------------------+---------
    ias-component | process-type | pid | status
    --------------------------------------------------------------+---------
    OC4JGroup:default_group | OC4J:home | N/A | Down
    ASG | ASG | N/A | Down
    Please let me know where am I going wrong?
    Thanks,
    Mandrita.

  • How to enable ssl in ohs

    I installed the web tier (ohs and web cache) 11.1.1.2 on 2008 r2 64 bits. Also I patched that to 11.1.1.3 I did not think and this may
    be where I went wrong, I needed to install weblogic?. I have not done anything with webcache. yet.
    I had imagined I could enable ssl in apache the way it is done on other installations just by putting entries in
    the ssl.conf like SSLCertificateFile and SSLCertificateKeyFile . But no. The software will not allow you to do that.
    I believe the certificate has to go in a wallet (for ohs. Other fusion things want a different plan). There's multiple
    wallet programs already there such as from installing the database. I find that the wallet program will not allow
    me to use the csr I already created that was used to get the certificate I have gotten. oops!
    So anyone know if there is a way around this so I can use the .crt and .key I have for this domain name?
    This is really taking a lot of time. I suppose I could install apache, the regular one, on this machine so that I
    could use an ssl connection to that and then hand it over to ohs. Since it wasn't going anywhere it wouldn't
    be much of a problem the traffic wasn't encrypted.
    Edited by: lake on Nov 23, 2010 7:11 PM

    I thought I'd never get this to work. No one should bother trying without reading the docs
    1226484.1 and 1218603.1 on metalink.
    While it could be that one could use a reverse proxy such as using proxypass and proxypass reverse
    in an apache web server so that ssl could be configured in the other server, I saw reports of that not always working.
    Otherwise if one did not install weblogic I believe the only way to configure ssl with this version of ohs is with orapki the command line
    interface for handling wallets, or the gui wallet application which I found on the 11gr2 database menu under "integrated management tools". You may be able to add an existing csr to a wallet via the orapki interface.
    If you were using a separate key and certificate you may be able to change them to the wallet requirements given sufficient knowledge of openssl. That was more knowledge than I had. So what I did
    was start over from scratch totally. I created the csr in the wallet gui, exported it, submitted it, and got a totally new cert from our cert source.
    What I used for the wallet "operations, import user certificate" was a .cer file, and it worked. The wallet already had our CA in it so I did not have to fight that battle. Hallelujah.
    It is essential to check on the "Wallet" menu the "Auto Login" selection before saving it. When you save a wallet
    it will be called cwallet.sso if it is autologin. If the saved file is called ewallet.p12 it is not autologin and will not
    work for ohs.
    After you have saved your wallet as cwallet.sso say in
    "....instances\instance1\config\OHS\ohs1\mykeys"
    then you would need to check the ssl.conf and it would need to be like so:
    SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/mykeys"
    Note that is to the directory the sso file is in.
    But wait there's more....
    on windows 2008 r2, you need to fire up windows explorer and navigate to your cwallet.sso file
    Under properties, security you need to add SYSTEM in "group or user names" and give it all permissions possible.
    Secondly, you need to go under properties, security, advanced, owner and change the owner to SYSTEM.
    Without these changes it will never work because the web server cannot open the wallet.
    Remember by default the logs go in
    "....instances\instance1\diagnostics\logs\OHS\ohs1"
    I became very familiar with them :-)

  • Issue with one of the Managed server while enabling SSL.__ Issue Resolved

    Weblogic version:wls 8.1sp6
    SSL: internal
    Environment:
    1 AdminServer and 2 Managed servers. Admin and M1 are on same host. M2 is on different host. We have enabled SSL on M1 & M2 only. Configuration of M1 & M2 are identical. After restarting the servers M1 has no issue with SSL but M2 throws javax.net.ssl.SSLKeyException as shown below,
    <Aug 4, 2008 12:29:01 PM BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    <Aug 4, 2008 12:29:02 PM BST> <Info> <WebLogicServer> <BEA-000213> <Adding address: 10.96.201.249 to licensed client list>
    <Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090171> <Loading the identity certificate stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
    <Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090170> <Loading the private key stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
    <Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
    <Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
    <Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
    <Aug 4, 2008 12:29:09 PM BST> <Error> <Cluster> <BEA-000141> <TCP/IP socket failure occurred while fetching statedump over HTTP from -6401422690190304510S:lonlxwebhost99:[16544,16544,16042,16042,16544,16042,-1,0,0]:etg:lonwpyq_16543_1.
    javax.net.ssl.SSLKeyException: [Security:090773]The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
    at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
    at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
    at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
    at weblogic.cluster.HTTPExecuteRequest.connect(HTTPExecuteRequest.java:73)
    at weblogic.cluster.HTTPExecuteRequest.execute(HTTPExecuteRequest.java:121)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)>
    Please let me know where I am going wrong. Thanks in advance
    Message was edited by:
    Shashi_sr

    Solution given by BEA Engineer:
    <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
    The reason for this was
    The CA Certificate was missing a required bit (according to RFC 3280).
    keyEncipherment bit is not in the KeyUsage and KeyUsage is marked as critical.
    As per RFC:
    The keyEncipherment bit is asserted when the subject public key is
    used for key transport. For example, when an RSA key is to be
    used for key management, then this bit is set.
    According to RFC3280, when the key will be used to encrypt other keys that are sent over the wire ("key transport") the keyEncipherment bit of the KeyUsage extension must be set. If the KeyUsage extension is critical, the SSL certificate validation will check that the key can be used in the key agreement. That is, that the key can be used to encrypt the symmetric public key.
    Your KeyUsage only contains the following bits:
    [4]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
    Since it is marked Critical, it MUST have the keyEncipherment bit.
    Otherwise, it should not be marked as Critical.
    So the three solutions that should work are
    1) Remove keyUsage
    2) Don't mark keyUsage as critical
    3) If keyUsage is critical, make sure keyEncipherment bit is set.
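
The KeyUsage rule from the reply above, as an added example that is not part of the original post and is not WebLogic's or BEA's code: it decodes a DER-encoded KeyUsage extension value and reports whether RSA key transport is permitted under the three conditions the reply lists. The function names and the two sample byte strings are constructed for illustration; the first sample carries the same three bits as the dump in the post.

```python
# Added illustration: decode an X.509 KeyUsage value (a DER BIT STRING) and
# apply the rule quoted in the post for RSA key transport.

# Bit positions of the KeyUsage extension as defined in RFC 3280.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)

# Constructed sample values (not taken from any real certificate).
# 0x86 with 1 unused bit -> digitalSignature, keyCertSign, cRLSign
CA_STYLE_KEY_USAGE = bytes.fromhex("03020186")
# 0xA0 with 5 unused bits -> digitalSignature, keyEncipherment
SERVER_STYLE_KEY_USAGE = bytes.fromhex("030205a0")


def decode_key_usage(der):
    """Return the set of usage names asserted in a DER BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("KeyUsage value must be a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length < 1 or length != len(der) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused = der[2]          # number of padding bits in the last octet
    payload = der[3:]
    if unused > 7 or (unused and not payload):
        raise ValueError("invalid unused-bits count")
    if payload and payload[-1] & ((1 << unused) - 1):
        raise ValueError("padding bits must be zero in DER")
    total_bits = len(payload) * 8 - unused
    asserted = set()
    for bit in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 is the most significant bit of the first payload octet.
        if payload[bit // 8] & (0x80 >> (bit % 8)):
            asserted.add(KEY_USAGE_BITS[bit])
    return asserted


def rsa_key_transport_verdict(key_usage_der, critical):
    """Apply the rule as the post describes it.

    key_usage_der is None when the certificate has no KeyUsage extension.
    Returns (allowed, reason).
    """
    if key_usage_der is None:
        return True, "no KeyUsage extension present"
    usages = decode_key_usage(key_usage_der)
    if "keyEncipherment" in usages:
        return True, "keyEncipherment is asserted"
    if not critical:
        return True, "keyEncipherment missing, but KeyUsage is not critical"
    return False, "critical KeyUsage without keyEncipherment"


if __name__ == "__main__":
    cases = [
        ("as in the post (critical)", CA_STYLE_KEY_USAGE, True),
        ("fix 1: KeyUsage removed", None, False),
        ("fix 2: not critical", CA_STYLE_KEY_USAGE, False),
        ("fix 3: keyEncipherment set", SERVER_STYLE_KEY_USAGE, True),
    ]
    for label, value, critical in cases:
        allowed, reason = rsa_key_transport_verdict(value, critical)
        print(f"{label:30} allowed={allowed}  ({reason})")
```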

  • POA IMAP and enabling SSL

    I would like to enable SSL to allow external users (mostly users using PDA's, cell phones, etc) to connect to our POA using IMAP. Of course I want to enable SSL for IMAP connections as otherwise it would pass their credentials in plain text.
    I have IMAP running without SSL on port 143 just fine. However, I'm unable to get IMAP to listen on 993 for SSL. I've tried enabling the option using the POA object via ConsoleOne. I've also tried enabling it using the switches in the .POA startup file and neither seems to work.
    I've exported the certificate using the self signed server certificate object in ConsoleOne and pointed the POA object to the certificate in the POA object configuration options and still nothing.
    In the log/settings for the POA I still see...
    Internet Protocol Agent Settings:
    IMAP Agent: Enabled
    IMAP Port for Incoming IMAP requests: 143 (Default)
    IMAP over SSL: Disabled
    Any help is appreciated.
    Thanks,
    Walter Keener
    Network Administrator
    Grandville Public Schools

    OK, I'm making progress. I followed your/Novell's instructions for the CSR to create the certificate and key file and IMAP via SSL appears to be up and running...
    16:59:10 1FB Internet Protocol Agent Settings:
    16:59:10 1FB IMAP Agent: Enabled
    16:59:10 1FB IMAP Port for Incoming IMAP requests: 143 (Default)
    16:59:10 1FB IMAP over SSL: Enabled
    16:59:10 1FB IMAP SSL Agent: Enabled
    16:59:10 1FB IMAP SSL Port for Incoming IMAP requests: 993 (Default)
    However, when I try to connect to IMAP on port 993 via SSL I receive a connection error on the client side. On the POA side I see this message in the log file...
    17:01:32 330 New IMAP session initiated from 10.51.10.88
    17:01:32 330 *** NEW PHYS. CONNECTION, Tbl Entry=5, Socket=235
    17:01:32 330 Return from IMAP [890F]
    17:01:32 330 *** PHYSICAL PORT DISCONNECTED, Tbl Entry=5, Socket=235
    Thanks again for any help you can provide.
    Walter Keener
    Network Administrator
    Grandville Public Schools

  • How do I enable SSL to serve swfs and non video content in FMS 4.5

    I'm running FMS 4.5 with the built in Apache server on a Windows 2003 server running SP2.  Our users are complaining that embedded videos in Chrome aren't displaying properly because the SWFs and some of the non video content are being delivered over http instead of https.  I'm having trouble finding any documentation on how to add an SSL cert to the Apache server and enabling it to serve content over 443.  I've requested my cert and am following my CA's docs on adding the cert to Apache, but I'm not seeing the VirtualDirectory referenced in the httpd.conf file.  I'm relatively new to Apache configuration, so please include as much detail as possible in your answer.  Thanks in advance for any assistance.

    Look for httpd-hls-secure.conf file in AMS(FMS) Apache Bundle. httpd.conf includes this file. This enables SSL for key delivery for HLS. You may like to do the same for other cases.
    Other than this, you have to enable the LoadModule mod_ssl in httpd.conf.

  • How to enable SSL for policy service?

    Hi all,
    My application is using SunONE's C API to communicate with the Identity Server.
    In order to enable SSL, I have changed the following lines in amconfig.properties:
    com.sun.am.namingURL = https://id01.core.development.net:443/amserver/namingservice
    com.sun.am.policy.am.loginURL = https://id01.core.development.net:443/amserver/UI/Login
    com.sun.am.policy.am.library.loginURL = https://id01.core.development.net:443/amserver/UI/Login
    After operating these changes, everything continued to work fine...but then, I checked with a network sniffer what data is being sent to IS:
    - The login and naming data were over SSL
    - Policy and session items were plain HTTP
    My questions are:
    1. How to enable SSL for policy evaluation requests?
    2. How to enable SSL for sessionservice requests?
    3. What are the changes required on the server/client?
    Many thanks,
    Dan

    There might a better different forum for this question.

  • Enabling SSL on SAP NetWeaver 7.0 ABAP Trial Version

    Hello,
    I installed the SAP NetWeaver 7.0 ABAP Trial Version and am trying to use the class cl_http_client to GET an xml file over ssl.
    The method cl_http_client_receive returns error "http_communication_failure", the get_last_error method returns "110", which isn't a valid http/1.1 statuscode for as far as I know.
    I 'think' the reason for this problem is the fact that there is no ssl certificate installed on my test system, does anyone know if this really is the problem, and if so, if it is possible to enable ssl on the trial system?

    Which HTTP header do you set up when issuing the GET?  Which method do you use, BYURL or BYDESTINATION?  SSL is only used when you set 'SCHEME' to value '2'.
    In order to activate SSL, you need to specify 'SSL_ID' within CL_HTTP_CLIENT=>CREATE.  This ID links to an SSL client certificate shown in transaction STRUST (display all client cert IDs via 'Environment').  In STRUST, you can also create new SSL client certs.  However, to be able to run STRUST in this way, you first have to obtain the SAP Cryptographic Library from SAP Service Marketplace and install it in your system.
    Regards,
    Birger

  • Strange error when enabling SSL on Oracle HTTP Server

    Hi,
    In our production environment Oracle HTTP Server starts fine when SSL is disabled.
    We've enabled SSL in our dev/uat environments using instructions from the Oracle Documentation. It was pretty straightforward.
    When I tried to do the same in our production environment, the Oracle HTTP Server wouldn't restart. I've had a look around the forums and haven't seen anyone report the same error we are seeing in the logfile.
    $ORACE_HOME/opmn/bin/opmnctl verbose startproc ias-component=HTTP_Server
    HTTP/1.1 200 OK
    Content-Length: 0
    Content-Type: text/html
    Response: Ping succeeded.
    opmnctl: starting opmn managed processes...
    HTTP/1.1 204 No Content
    Content-Length: 718
    Content-Type: text/html
    Response: 0 of 1 processes started.
    <?xml version='1.0' encoding='ISO-8859-1'?>
    <response>
    <opmn id="ubrf1200:6201" http-status="204" http-response="0 of 1 processes started.">
    <ias-instance id="IAS-X-ubrf1200.6299">
    <ias-component id="HTTP_Server">
    <process-type id="HTTP_Server">
    <process-set id="HTTP_Server">
    <process id="350814320" pid="29207" status="Stopped" index="1" log="$ORACE_HOME/opmn/logs/HTTP_Server~1" operation="request" result="failure">
    <msg code="-21" text="failed to start a managed process after the maximum retry limit">
    </msg>
    </process>
    </process-set>
    </process-type>
    </ias-component>
    </ias-instance>
    </opmn>
    </response>
    The HTTP_Server~1 log contains the below error:
    09/08/16 13:24:40 Start process
    $ORACLE_HOME/Apache/Apache/bin/apachectl startssl: execing httpd
    VirtualHost configuration:
    127.0.0.1:7201 127.0.0.1 ($ORACLE_HOME/Apache/Apache/conf/dms.conf:21)
    I've compared dms.conf from all 3 of dev/uat/prod
    diff dev-dms.conf dms.conf
    15c15
    < Redirect /dms0/AggreSpy http://127.0.0.1:7200/dmsoc4j/AggreSpy
    Redirect /dms0/AggreSpy http://127.0.0.1:7201/dmsoc4j/AggreSpy
    18,19c18,19
    < Listen 127.0.0.1:7200
    < OpmnHostPort http://127.0.0.1:7200
    Listen 127.0.0.1:7201
    OpmnHostPort http://127.0.0.1:7201
    21c21
    < <VirtualHost 127.0.0.1:7200>
    <VirtualHost 127.0.0.1:7201>30c30
    No Apache logs are being written to when we try starting the Oracle HTTP Server with ssl enabled.
    Has anyone experienced this problem before? Any idea how we can get this working?
    Thanks,
    Stephen

    Noticed that when it starts with apachectl startssl, it doesn't like any <VirtualHost directive
    The line in the dms.conf file that it errors out at is :
    <VirtualHost 127.0.0.1:7201>
    When I added a redirect to the httpd.conf file, it errors out at the <VirtualHost line also
    Any idea why the Oracle HTTP Server wouldn't like <VirtualHost directives when running startssl?

  • Enable SSL to LDAP / MS AD : Portal will not start

    Hi all ,
    We have successfully enabled portal User Authentication to MS AD/LDAP over port 389 in an EP6 SP2 portal. Portal use
    Now we wish to switch to LDAP over SSL. We did the following for an AD with SSL enabled on port 636:
    1) Import the AD server cert into the keystore using Visual admin tool
    2) Log into portal as administrator > Go to UM Administration
    3) Change DataSource to AD, Flat hierarchy
    4) Enter hostname of AD server, user, password, paths etc., Enable SSL
    5) Save config and restart portal
    Now the Portal will not start and we get the following error messages in the console_logs... any ideas?
    Loading services:                                                       
      Loading service: com.sap.portal.license.runtime license                
    java.lang.NullPointerException
            at com.sap.security.core.util.imp.UMTrace.debug(UMTrace.java:739)
            at com.sap.security.core.util.imp.UMTrace.debug(UMTrace.java:840)
            at com.sap.security.core.util.imp.UMTrace.fatalT(UMTrace.java:586)
            at com.sap.security.core.persistence.datasource.imp.LDAPConnectionManager.initConnectionPools(LDAPConnectionManager.java:556)
            at com.sap.security.core.persistence.datasource.imp.LDAPConnectionManager.initialize(LDAPConnectionManager.java:77)

    Here's another option that might work for you:
    Check out this note: 789590.  From reading between the lines it looks like you can change your um config without the portal being up by creating a file called 'sapum.properties.upgrade'.  That note talks about modifying some logging parameters but you should be able to substitute the um parameters to change your config back to using just the portal database.
    Here's what sap explained about the process:
    "you can update single um.properties by defining a file called sapum.properties.upgrade and storing it in the
    directory \ume\. During the next startup, these properties are uploaded and update the older values from the UME properties stored in the PCD.
    Values that are not listed in the .upgrade file are not touched. The upload is done before the service is starting, so that the updated values are taken as start parameters. Again in note 789590, you can find an example for an upgrade file (in this case for updating the information on the logging settings)."
    Once you get the portal up and running, when you try to change the UM config, make sure you click on the 'Test Connection' button after you've saved the new ldap settings to make sure that everything is ok.  The ldap server might be accessible but you might have a problem with the user, password, group or user path.  Also if you're using SSL then make sure the 'Use SSL for Ldap access' is checked.
    Hope that helps.
    Regards,
    Robin.

  • Enabling SSL in R12

    Is it possible to enable SSL on R12 without using a valid certificate? I am currently reviewing doc 376700.1 but do not have a working instance yet.

    Hi,
    You can try a [free trial certificate|http://www.verisign.com/ssl/buy-ssl-certificates/free-ssl-certificate-trial/index.html] which is valid for 14 days only -- This is already mentioned in the document (under "Digital Certificate (Public Key)").
    Regards,
    Hussein

  • Attempting to use SSL over RMI from a web application to a RMI server

    Hi,
    I am attempting to use SSL over RMI to a server. The client is the web
    application that is hosted on WebLogic and that attempts to connect to the
    server. There is no client or server verification at either the client or
    the server end. The code works outside of WebLogic 7/8 but has the following
    issues when running the web application inside weblogic:
    java.rmi.ConnectException: Connection refused to host: gkhanna1; nested exception is:
    java.net.ConnectException: Connection refused: connect
    java.net.ConnectException: Connection refused: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:350)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:137)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:124)
    at java.net.Socket.<init>(Socket.java:268)
    at java.net.Socket.<init>(Socket.java:95)
    at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:20)
    at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:115)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:494)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:169)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:313)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at java.rmi.Naming.lookup(Naming.java:79)
    at com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.initConnection(NTLMConnectionClient.java:59)
    at com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.getUsers(NTLMConnectionClient.java:197)
    at com.hyperion.css.CSSAPIImpl.getUsers(Unknown Source)
    at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
    at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
    at jsp_servlet._jsp._app1.__app1signin._jspService(__app1signin.java:133)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
    at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:445)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5445)
    at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
    The code at the client that initiates the connection:
    socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket) socketFactory.createSocket(host, port);
    socket.setEnabledCipherSuites(CIPHERS);
    socket.setEnableSessionCreation(true);
    Any ideas?
    Thanks

    I don't see anything that indicates SSL was directly a factor in the
    failure.
    From the exception stack it looks like a more basic connectivity issue,
    maybe the URL for the
    RMI server is incorrect for some reason or the server was down.
    It looks like you are doing something like this:
    SSL client -> WLS server with servletA, servletA RMI client
    (com.hyperion.css) -> RMI server
    The connection failure appears to be the connection from servletA RMI client
    to the RMI server.
    Is that a correct picture?
    Tony
    "Gaurav Khanna" <[email protected]> wrote in message
    news:[email protected]...
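The layering point in Tony's reply, as an added example that is not part of the thread or of the poster's code: a two-stage probe that first opens a plain TCP connection and only then attempts the TLS handshake, so a `Connection refused` like the one in the posted trace is reported separately from an SSL failure. The class name, the result names and the local test endpoints are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.*;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Illustrative class; names and local test endpoints are assumptions, not from the thread.
public class ConnectLayerCheck {
    enum Result { DNS_FAILED, TCP_REFUSED, TCP_TIMEOUT, TCP_OTHER, TLS_FAILED, TLS_OK }

    // Probe in two stages so a failure can be pinned to the TCP or the TLS layer.
    static Result classify(String host, int port, int timeoutMs) {
        try (Socket tcp = new Socket()) {
            try {
                tcp.connect(new InetSocketAddress(host, port), timeoutMs); // stage 1: TCP only
            } catch (UnknownHostException e) {
                return Result.DNS_FAILED;
            } catch (ConnectException e) {
                return Result.TCP_REFUSED;  // the condition in the posted trace
            } catch (SocketTimeoutException e) {
                return Result.TCP_TIMEOUT;
            } catch (IOException e) {
                return Result.TCP_OTHER;
            }
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            // stage 2: TLS handshake layered on the socket that is already connected
            try (SSLSocket tls = (SSLSocket) f.createSocket(tcp, host, port, true)) {
                tls.setSoTimeout(timeoutMs);
                tls.startHandshake();
                return Result.TLS_OK;
            }
        } catch (IOException e) {
            return Result.TLS_FAILED;  // SSLException, or the peer closed mid-handshake
        }
    }

    public static void main(String[] args) throws Exception {
        int closedPort;  // constructed endpoint: bind, note the port, release it
        try (ServerSocket s = new ServerSocket(0)) { closedPort = s.getLocalPort(); }
        try (ServerSocket plain = new ServerSocket(0)) {  // constructed non-TLS listener
            Thread t = new Thread(() -> {
                try (Socket c = plain.accept()) { c.getOutputStream().write("not tls\n".getBytes()); }
                catch (IOException ignored) { }
            });
            t.setDaemon(true);
            t.start();
            System.out.println("closed port  -> " + classify("localhost", closedPort, 2000));
            System.out.println("non-TLS peer -> " + classify("localhost", plain.getLocalPort(), 2000));
        }
    }
}
```

Calling `classify` from the application server host against the RMI server's host and port shows whether the refusal happens before any TLS is attempted.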
