Enable SSL over iWS4.1SP7 & iAS 6.0SP2
Hi,
I am running iPlanet Web Server (WS4.1SP7) with two instances running, with one instance running in "Encryption" mode for SSL access.
Both instances access the same WAR modules in iPlanet Application Server (iAS6SP2).
I have successfully installed the SSL cert in the iWS encrypted instance.
However, SSL access was available across the whole site, we want the Login module (login.war) with SSL enabled only.
I have enabled "secure session" for the login.war Web Application module. However iWS won't automatically switch to SSL mode.
So far I only came up with this solution:
Set-up URL prefixes (https://mysite/) in iWS with /NASApp/login/ so that all access to http://mysite/NASApp/login will redirect to https://mysite/NASApp/login
(I don't think this is a good idea, as the whole site still has SSL enabled, i.e. https://mysite/index.html)
What are the correct steps to configure SSL access (directory level) in iWS and iAS?
Are there any documents to follow?
Thanks,
Kasnol Abrinski
I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled), it calls the SSO module on port 7777 using http (the default behaviour),
on a URL that looks like this :
http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
and gives the error :
(Forbidden
You don't have permission to access /sso/auth on this server at port 7777)
when I manually change the URL to :
https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
the SSO works correctly.
The question is :
How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
Any ideas ?
Thanks in advance
Similar Messages
-
Getting error when trying to enable ssl over pop3
We are using SunOne Messaging Server v5.2 on Solaris 9
We followed the below steps:
1. Create a trust database password for "Internal (Software) Token"
2. Obtain a certificate
3. Install the certificate along with CA certificate.
4. The certificate is installed with the name "Server_Cert" and is shown as trusted in the "Certificate Management"
5. configured ssl over pop3 using configutil
6. stop and start the services.
The Configutil changes made are as below:
nsserversecurity = on
encryption.rsa.nssslactivation = on
encryption.rsa.nssslpersonalityssl = Server_Cert
encryption.rsa.nsssltoken = "Internal (Software)"
service.pop.enablesslport = yes
service.pop.sslport = 995
We saved the below in the sslpassword.conf:
Internal (Software) Token:mypassword
After restarting the services, pop3 over ssl is not working. We also checked "netstat -an -P tcp | grep 995" and it shows nothing.
The logs are showing the below error:
"[22/Apr/2006:15:46:58 -0300] mail popd[26352]: General Error: SSL initialization error: Didn't find certificate Server_Cert (-8157)"
Please advise a solution for the same. I am unable to figure out the problem.
Your help will be highly appreciated.
Regards
Ehab
Hi,
have you checked whether the cert is in the certsdb using certutil?
thanks
ndrb -
Failed to use LDAP over SSL MUTUAL AUTHENTICATION with some Directory enable SSL.
In iPlanet Web Server, Enterprise Edition Administration's guide, chapter 5: secure your web server - Using SSL and TLS protocol specifying that the Administrator server can communicate LDAP over SSL with some Directory enable SSL.
Is there any way to configure iplanet Administration server to talk ldap/ssl in mutual authentication mode with some directory?
Hi,
Sorry, I could not understand what you are trying to do with iWS.
Could you please briefly explain your question, so that I can help you.
Regards,
Dakshin.
Developer Technical Support
Sun Microsystems
http://www.sun.com/developers/support. -
Enable HTTP Over SSL: New documentation
Hi,
Fyi, a new article has been published in the CQ5.5 documentation:
Enabling HTTP Over SSL
hope that helps
scott
Enable ssl for HTTP
In the administration guide, you should find this
you have to modify ssl.conf to enable ssl, as well in the opmn.xml there is an option for enable ssl. but to be more accurate check the guide.
http://download.oracle.com/docs/cd/B14099_19/core.1012/b13995/sslmid.htm#CHDDGBGF -
Hi All,
I have followed the steps described in
http://download-uk.oracle.com/docs/cd/B31017_01//core.1013/b28940/em_app.htm#BABCEEAH.
However when I am trying to start the application server using 'opmnctl startall' the server is not starting and some timeout is getting generated in the log file.
Is it that enabling SSL will only make the EM console secured? Then how to enable SSL for other soa components like - BPEL,ESB,OWSM? Are there any documentations available?
Also please let me know how can I enable SSL for Oracle Application server console?
Please any advice will be appreciated. I am in the middle of a project delivery.
Thanks
Hi,
Let me first highlight the installation that I have done. I have installed SOA components with 'basic installation' mode.
The log file under <ORACLE_SOA_HOME>/opmn/config/ has generated the following stack:-
08/07/25 11:03:34 Start process
08/07/25 11:03:37 WARNING: XMLApplicationServerConfig.overwriteSiteConfigPort Port assignment is ignored: web-site not found in the server OC4JServiceInfo id: default-web-site protocol: http hostname: null port: 8890 description: null
08/07/25 11:03:37 WARNING: XMLApplicationServerConfig.overwriteSiteConfigPort Port assignment is ignored: web-site not found in the server OC4JServiceInfo id: secure-web-site protocol: https hostname: null port: 1156 description: null
08/07/25 11:03:47 log4j:WARN No appenders could be found for logger (wsif).
08/07/25 11:03:47 log4j:WARN Please initialize the log4j system properly.
08/07/25 11:03:53 WARNING: OC4J Service: ascontrol-web-site with protocol: https and port: 1156 was not declared in opmn.xml
08/07/25 11:03:53 Oracle Containers for J2EE 10g (10.1.3.1.0) initialized
08/07/25 11:03:53 WARNING: OC4J will not send ONS ProcReadyPort messages to opmn for service: OC4JServiceInfo id: default-web-site protocol: http hostname: null port: 8890 description: null
08/07/25 11:03:53 default-web-site hostname was null
08/07/25 11:03:53 WARNING: OC4J will not send ONS ProcReadyPort messages to opmn for service: OC4JServiceInfo id: secure-web-site protocol: https hostname: null port: 1156 description: null
08/07/25 11:03:53 secure-web-site hostname was null
On the command prompt I am getting the following error:-
opmn id=CALTP8BB32:6203
0 of 1 processes started.
ias-instance id=home.CALTP8BB32.cts.com
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ias-component/process-type/process-set:
default_group/home/default_group/
Error
--> Process (index=1,uid=301928631,pid=2944)
failed to start a managed process after the maximum retry limit
Log:
D:\product\SOASuite\opmn\logs\\default_group~home~default_group~1.log
--------------------------------------------------------------+---------
ias-component | process-type | pid | status
--------------------------------------------------------------+---------
OC4JGroup:default_group | OC4J:home | N/A | Down
ASG | ASG | N/A | Down
Please let me know where am I going wrong?
Thanks,
Mandrita. -
I installed the web tier (ohs and web cache) 11.1.1.2 on 2008 r2 64 bits. Also I patched that to 11.1.1.3. I did not think, and this may
be where I went wrong, I needed to install weblogic? I have not done anything with webcache yet.
I had imagined I could enable ssl in apache the way it is done on other installations just by putting entries in
the ssl.conf like SSLCertificateFile and SSLCertificateKeyFile . But no. The software will not allow you to do that.
I believe the certificate has to go in a wallet (for ohs. Other fusion things want a different plan). There's multiple
wallet programs already there such as from installing the database. I find that the wallet program will not allow
me to use the csr I already created that was used to get the certificate I have gotten. oops!
So anyone know if there is a way around this so I can use the .crt and .key I have for this domain name?
This is really taking a lot of time. I suppose I could install apache, the regular one, on this machine so that I
could use an ssl connection to that and then hand it over to ohs. Since it wasn't going anywhere it wouldn't
be much of a problem the traffic wasn't encrypted.
Edited by: lake on Nov 23, 2010 7:11 PM
I thought I'd never get this to work. No one should bother trying without reading the docs
1226484.1 and 1218603.1 on metalink.
While it could be that one could use a reverse proxy such as using proxypass and proxypass reverse
in an apache web server so that ssl could be configured in the other server, I saw reports of that not always working.
Otherwise if one did not install weblogic I believe the only way to configure ssl with this version of ohs is with orapki the command line
interface for handling wallets, or the gui wallet application which I found on the 11gr2 database menu under "integrated management tools". You may be able to add an existing csr to a wallet via the orapki interface.
If you were using a separate key and certificate you may be able to change them to the wallet requirements given sufficient knowledge of openssl. That was more knowledge than I had. So what I did
was start over from scratch totally. I created the csr in the wallet gui, exported it, submitted it, and got a totally new cert from our cert source.
What I used for the wallet "operations, import user certificate" was a .cer file, and it worked. The wallet already had our CA in it so I did not have to fight that battle. Hallelujah.
It is essential to check on the "Wallet" menu the "Auto Login" selection before saving it. When you save a wallet
it will be called cwallet.sso if it is autologin. If the saved file is called ewallet.p12 it is not autologin and will not
work for ohs.
After you have saved your wallet as cwallet.sso say in
"....instances\instance1\config\OHS\ohs1\mykeys"
then you would need to check the ssl.conf and it would need to be like so:
SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/mykeys"
Note that is to the directory the sso file is in.
But wait there's more....
On Windows 2008 R2, you need to fire up Windows Explorer and navigate to your cwallet.sso file.
Under properties, security you need to add SYSTEM in "group or user names" and give it all permissions possible.
Secondly, you need to go under properties, security, advanced, owner and change the owner to SYSTEM.
Without these changes it will never work because the web server cannot open the wallet.
Remember by default the logs go in
"....instances\instance1\diagnostics\logs\OHS\ohs1"
I became very familiar with them :-) -
Issue with one of the Managed server while enabling SSL.__ Issue Resolved
Weblogic version:wls 8.1sp6
SSL: internal
Environment:
1 AdminServer and 2 Managed servers. Admin and M1 are on same host. M2 is on different host. We have enabled SSL on M1 & M2 only. Configuration of M1 & M2 are identical. After restarting the servers M1 has no issue with SSL but M2 throws javax.net.ssl.SSLKeyException as shown below,
<Aug 4, 2008 12:29:01 PM BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<Aug 4, 2008 12:29:02 PM BST> <Info> <WebLogicServer> <BEA-000213> <Adding address: 10.96.201.249 to licensed client list>
<Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090171> <Loading the identity certificate stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
<Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090170> <Loading the private key stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Error> <Cluster> <BEA-000141> <TCP/IP socket failure occurred while fetching statedump over HTTP from -6401422690190304510S:lonlxwebhost99:[16544,16544,16042,16042,16544,16042,-1,0,0]:etg:lonwpyq_16543_1.
javax.net.ssl.SSLKeyException: [Security:090773]The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
at weblogic.cluster.HTTPExecuteRequest.connect(HTTPExecuteRequest.java:73)
at weblogic.cluster.HTTPExecuteRequest.execute(HTTPExecuteRequest.java:121)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)>
Please let me know where I am going wrong. Thanks in advance
Message was edited by:
Shashi_sr
Solution given by BEA Engineer:
<Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
The reason for this was
The CA Certificate was missing a required bit (according to RFC 3280).
keyEncipherment bit is not in the KeyUsage and KeyUsage is marked as critical.
As per RFC:
The keyEncipherment bit is asserted when the subject public key is
used for key transport. For example, when an RSA key is to be
used for key management, then this bit is set.
According to RFC3280, when the key will be used to encrypt other keys that are sent over the wire ("key transport") the keyEncipherment bit of the KeyUsage extension must be set. If the KeyUsage extension is critical, the SSL certificate validation will check that the key can be used in the key agreement. That is, that the key can be used to encrypt the symmetric public key.
Your KeyUsage only contains the following bits:
[4]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
Since it is marked Critical, it MUST have the keyEncipherment bit.
Otherwise, it should not be marked as Critical.
So the three solutions that should work are
1) Remove keyUsage
2) Don't mark keyUsage as critical
3) If keyUsage is critical, make sure keyEncipherment bit is set. -
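The rule from the BEA engineer's reply above, as an added example that is not part of the original thread: it decodes the KeyUsage BIT STRING (extension 2.5.29.15) and applies the three outcomes the reply lists. The function names and the sample DER bytes are constructed for illustration; the first sample reproduces the bit set shown in the reply (DigitalSignature, Key_CertSign, Crl_Sign).

```python
# Added example: decode a KeyUsage extension value and apply the rule
# stated in the reply (critical KeyUsage without keyEncipherment is rejected
# for RSA key transport). Sample DER values below are constructed.

# KeyUsage bit names in RFC 3280 order. Bit 0 is the most significant bit
# of the first content octet of the BIT STRING.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)


def decode_key_usage(der: bytes) -> set:
    """Return the set of usage names asserted in a DER-encoded KeyUsage."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80:
        raise ValueError("long-form length is not expected for KeyUsage")
    # Content = 1 octet of unused-bit count + 1 or 2 octets of flags.
    if length not in (2, 3) or len(der) != 2 + length:
        raise ValueError("unexpected KeyUsage length")
    unused = der[2]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    body = der[3:]
    total_bits = len(body) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if body[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names


def key_transport_allowed(key_usage_der, critical: bool):
    """Apply the three outcomes from the reply. Returns (allowed, reason)."""
    if key_usage_der is None:
        return True, "no KeyUsage extension present"
    usages = decode_key_usage(key_usage_der)
    if "keyEncipherment" in usages:
        return True, "keyEncipherment is asserted"
    if not critical:
        return True, "KeyUsage lacks keyEncipherment but is not critical"
    return False, ("critical KeyUsage lacks keyEncipherment; asserted: "
                   + ", ".join(sorted(usages)))


# Constructed samples (hex of the BIT STRING inside the extension value).
SAMPLE_FROM_THREAD = bytes.fromhex("03020186")   # digitalSignature, keyCertSign, cRLSign
SAMPLE_WITH_KEY_ENC = bytes.fromhex("030201a6")  # same bits plus keyEncipherment
SAMPLE_SERVER_CERT = bytes.fromhex("030205a0")   # digitalSignature, keyEncipherment

if __name__ == "__main__":
    cases = [
        ("thread certificate, critical", SAMPLE_FROM_THREAD, True),
        ("thread certificate, not critical", SAMPLE_FROM_THREAD, False),
        ("keyEncipherment added, critical", SAMPLE_WITH_KEY_ENC, True),
        ("KeyUsage removed", None, False),
    ]
    for label, der, critical in cases:
        allowed, reason = key_transport_allowed(der, critical)
        print(f"{label}: {'OK' if allowed else 'REJECTED'} ({reason})")
```
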
I would like to enable SSL to allow external users (mostly users using PDA's, cell phones, etc) to connect to our POA using IMAP. Of course I want to enable SSL for IMAP connections as otherwise it would pass their credentials in plain text.
I have IMAP running without SSL on port 143 just fine. However, I'm unable to get IMAP to listen on 993 for SSL. I've tried enabling the option using the POA object via ConsoleOne. I've also tried enabling it using the switches in the .POA startup file and neither seems to work.
I've exported the certificate using the self signed server certificate object in ConsoleOne and pointed the POA object to the certificate in the POA object configuration options and still nothing.
In the log/settings for the POA I still see...
Internet Protocol Agent Settings:
IMAP Agent: Enabled
IMAP Port for Incoming IMAP requests: 143 (Default)
IMAP over SSL: Disabled
Any help is appreciated.
Thanks,
Walter Keener
Network Administrator
Grandville Public Schools
OK, I'm making progress. I followed your/Novell's instructions for the CSR to create the certificate and key file and IMAP via SSL appears to be up and running...
16:59:10 1FB Internet Protocol Agent Settings:
16:59:10 1FB IMAP Agent: Enabled
16:59:10 1FB IMAP Port for Incoming IMAP requests: 143 (Default)
16:59:10 1FB IMAP over SSL: Enabled
16:59:10 1FB IMAP SSL Agent: Enabled
16:59:10 1FB IMAP SSL Port for Incoming IMAP requests: 993 (Default)
However, when I try to connect to IMAP on port 993 via SSL I receive a connection error on the client side. On the POA side I see this message in the log file...
17:01:32 330 New IMAP session initiated from 10.51.10.88
17:01:32 330 *** NEW PHYS. CONNECTION, Tbl Entry=5, Socket=235
17:01:32 330 Return from IMAP [890F]
17:01:32 330 *** PHYSICAL PORT DISCONNECTED, Tbl Entry=5, Socket=235
Thanks again for any help you can provide.
Walter Keener
Network Administrator
Grandville Public Schools -
How do I enable SSL to serve swfs and non video content in FMS 4.5
I'm running FMS 4.5 with the built in Apache server on a Windows 2003 server running SP2. Our users are complaining that embedded videos in Chrome aren't displaying properly because the SWFs and some of the non video content are being delivered over http instead of https. I'm having trouble finding any documentation on how to add an SSL cert to the Apache server and enabling it to serve content over 443. I've requested my cert and am following my CA's docs on adding the cert to Apache, but I'm not seeing the VirtualDirectory referenced in the httpd.conf file. I'm relatively new to Apache configuration, so please include as much detail as possible in your answer. Thanks in advance for any assistance.
Look for httpd-hls-secure.conf file in AMS(FMS) Apache Bundle. httpd.conf includes this file. This enables SSL for key delivery for HLS. You may like to do the same for other cases.
Other than this, you have to enable the LoadModule mod_ssl in httpd.conf. -
How to enable SSL for policy service?
Hi all,
My application is using SunONE's C API to communicate with the Identity Server.
In order to enable SSL, I have changed the following lines in amconfig.properties:
com.sun.am.namingURL = https://id01.core.development.net:443/amserver/namingservice
com.sun.am.policy.am.loginURL = https://id01.core.development.net:443/amserver/UI/Login
com.sun.am.policy.am.library.loginURL = https://id01.core.development.net:443/amserver/UI/Login
After operating these changes, everything continued to work fine...but then, I checked with a network sniffer what data is being sent to IS:
- The login and naming data were over SSL
- Policy and session items were plain HTTP
My questions are:
1. How to enable SSL for policy evaluation requests?
2. How to enable SSL for sessionservice requests?
3. What are the changes required on the server/client?
Many thanks,
Dan
There might be a better, different forum for this question.
-
Enabling SSL on SAP NetWeaver 7.0 ABAP Trial Version
Hello,
I installed the SAP NetWeaver 7.0 ABAP Trial Version and am trying to use the class cl_http_client to GET an xml file over ssl.
The method cl_http_client_receive returns error "http_communication_failure", the get_last_error method returns "110", which isn't a valid http/1.1 statuscode for as far as I know.
I 'think' the reason for this problem is the fact that there is no ssl certificate installed on my test system, does anyone know if this really is the problem, and if so, if it is possible to enable ssl on the trial system?
Which HTTP header do you set up when issuing the GET? Which method do you use, BYURL or BYDESTINATION? SSL is only used when you set 'SCHEME' to value '2'.
In order to activate SSL, you need to specify 'SSL_ID' within CL_HTTP_CLIENT=>CREATE. This ID links to an SSL client certificate shown in transaction STRUST (display all client cert IDs via 'Environment'). In STRUST, you can also create new SSL client certs. However, to be able to run STRUST in this way, you first have to obtain the SAP Cryptographic Library from SAP Service Marketplace and install it in your system.
Regards,
Birger -
Strange error when enabling SSL on Oracle HTTP Server
Hi,
In our production environment Oracle HTTP Server starts fine when SSL is disabled.
We've enabled SSL in our dev/uat environments using instructions from the Oracle Documentation. It was pretty straightforward.
When I tried to do the same in our production environment, the Oracle HTTP Server wouldn't restart. I've had a look around the forums and haven't seen anyone report the same error we are seeing in the logfile.
$ORACE_HOME/opmn/bin/opmnctl verbose startproc ias-component=HTTP_Server
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html
Response: Ping succeeded.
opmnctl: starting opmn managed processes...
HTTP/1.1 204 No Content
Content-Length: 718
Content-Type: text/html
Response: 0 of 1 processes started.
<?xml version='1.0' encoding='ISO-8859-1'?>
<response>
<opmn id="ubrf1200:6201" http-status="204" http-response="0 of 1 processes started.">
<ias-instance id="IAS-X-ubrf1200.6299">
<ias-component id="HTTP_Server">
<process-type id="HTTP_Server">
<process-set id="HTTP_Server">
<process id="350814320" pid="29207" status="Stopped" index="1" log="$ORACE_HOME/opmn/logs/HTTP_Server~1" operation="request" result="failure">
<msg code="-21" text="failed to start a managed process after the maximum retry limit">
</msg>
</process>
</process-set>
</process-type>
</ias-component>
</ias-instance>
</opmn>
</response>
The HTTP_Server~1 log contains the below error:
09/08/16 13:24:40 Start process
$ORACLE_HOME/Apache/Apache/bin/apachectl startssl: execing httpd
VirtualHost configuration:
127.0.0.1:7201 127.0.0.1 ($ORACLE_HOME/Apache/Apache/conf/dms.conf:21)
I've compared dms.conf from all 3 of dev/uat/prod
diff dev-dms.conf dms.conf
15c15
< Redirect /dms0/AggreSpy http://127.0.0.1:7200/dmsoc4j/AggreSpy
Redirect /dms0/AggreSpy http://127.0.0.1:7201/dmsoc4j/AggreSpy
18,19c18,19
< Listen 127.0.0.1:7200
< OpmnHostPort http://127.0.0.1:7200
Listen 127.0.0.1:7201
OpmnHostPort http://127.0.0.1:7201
21c21
< <VirtualHost 127.0.0.1:7200>
<VirtualHost 127.0.0.1:7201>30c30
No Apache logs are being written to when we try starting the Oracle HTTP Server with ssl enabled.
Has anyone experienced this problem before? Any idea how we can get this working?
Thanks,
Stephen
Noticed that when it starts with apachectl startssl, it doesn't like any <VirtualHost directive
The line in the dms.conf file that it errors out at is :
<VirtualHost 127.0.0.1:7201>
When I added a redirect to the httpd.conf file, it errors out at the <VirtualHost line also
Any idea why the Oracle HTTP Server wouldn't like <VirtualHost directives when running startssl? -
Enable SSL to LDAP / MS AD : Portal will not start
Hi all ,
We have successfully enabled portal User Authentication to MS AD/LDAP over port 389 in a EP6 SP2 portal . Portal use
Now we wish to switch to LDAP over SSL. We did the following for an AD with SSL enabled on port 636 :
1) Import the AD server cert into the keystore using Visual admin tool
2) Log into portal as administrator > Go to UM Administration
3) Change DataSource to AD, Flat hierarchy
4) Enter hostname of AD server, user, password, paths etc., Enable SSL
5) Save config and restart portal
Now the Portal will not start and we get the following error messages in the
console_logs...any ideas ???
Loading services:
Loading service: com.sap.portal.license.runtime license
java.lang.NullPointerException
at com.sap.security.core.util.imp.UMTrace.debug(UMTrace.java:739)
at com.sap.security.core.util.imp.UMTrace.debug(UMTrace.java:840)
at com.sap.security.core.util.imp.UMTrace.fatalT(UMTrace.java:586)
at com.sap.security.core.persistence.datasource.imp.LDAPConnectionManager.initConnectionPools(LDAPConnectionManager.java:556)
at com.sap.security.core.persistence.datasource.imp.LDAPConnectionManager.initialize(LDAPConnectionManager.java:77)
Here's another option that might work for you:
Check out this note: 789590. From reading between the lines it looks like you can change your um config without the portal being up by creating a file called 'sapum.properties.upgrade'. That note talks about modifying some logging parameters but you should be able to substitute the um parameters to change your config back to using just the portal database.
Here's what sap explained about the process:
"you can update single um.properties by defining a file called sapum.properties.upgrade and storing it in the
directory \ume\. During the next startup, these properties are uploaded and update the older values from the UME properties stored in the PCD.
Values that are not listed in the .upgrade file are not touched. The upload is done before the service is starting, so that the updated values are taken as start parameters. Again in note 789590, you can find an example for an upgrade file (in this case for updating the information on the logging settings)."
Once you get the portal up and running, when you try to change the UM config, make sure you click on the 'Test Connection' button after you've saved the new ldap settings to make sure that everything is ok. The ldap server might be accessible but you might have a problem with the user, password, group or user path. Also if you're using SSL then make sure the 'Use SSL for Ldap access' is checked.
Hope that helps.
Regards,
Robin. -
Is it possible to enable SSL on R12 without using a valid certificate? I am currently reviewing doc 376700.1 but do not have a working instance yet.
Hi,
You can try a [free trial certificate|http://www.verisign.com/ssl/buy-ssl-certificates/free-ssl-certificate-trial/index.html] which is valid for 14 days only -- This is already mentioned in the document (under "Digital Certificate (Public Key)").
Regards,
Hussein -
Attempting to use SSL over RMI from a web application to a RMI server
Hi,
I am attempting to use SSL over RMI to a server. The client is the web
application that is hosted on WebLogic and that attempts to connect to the
server. There is no client or server verification at either the client or
the server end. The code works outside of WebLogic 7/8 but has the following
issues when running the web application inside weblogic:
java.rmi.ConnectException: Connection refused to host: gkhanna1; nested exception is:
java.net.ConnectException: Connection refused: connect
java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:350)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:137)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:124)
at java.net.Socket.<init>(Socket.java:268)
at java.net.Socket.<init>(Socket.java:95)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:20)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:115)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:494)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:185)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:169)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:313)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at java.rmi.Naming.lookup(Naming.java:79)
at com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.initConnection(NTLMConnectionClient.java:59)
at com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.getUsers(NTLMConnectionClient.java:197)
at com.hyperion.css.CSSAPIImpl.getUsers(Unknown Source)
at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
at jsp_servlet._jsp._app1.__app1signin._jspService(__app1signin.java:133)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:445)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5445)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
The code at the client that initiates the connection:
socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) socketFactory.createSocket(host, port);
socket.setEnabledCipherSuites(CIPHERS);
socket.setEnableSessionCreation(true);
Any ideas?
Thanks
I don't see anything that indicates SSL was directly a factor in the
failure.
From the exception stack it looks like a more basic connectivity issue,
maybe the URL for the
RMI server is incorrect for some reason or the server was down.
It looks like you are doing something like this:
SSL client -> WLS server with servletA, servletA RMI client
(com.hyperion.css) -> RMI server
The connection failure appears to be the connection from servletA RMI client
to the RMI server.
Is that a correct picture?
Tony