Enabling SSL on OAS 10g (9.0.4)

Hi,
I want to know the method to enable SSL in OAS to use https for accessing our application.
Appreciate your help.
Regards,
Younis

Have you checked the [url http://download.oracle.com/docs/cd/B10464_05/index.htm]documentation, especially the Oracle Application Server 10g Administration Guide? There are lots of SSL references in this document.
But why are you using 9.0.4? This release has already been desupported by Oracle a long time ago.

Similar Messages

Enabling SSL for Oracle Enterprise Manager 10.1.3.1 is Failing!!!

Hi All,
I have followed the steps described in
http://download-uk.oracle.com/docs/cd/B31017_01//core.1013/b28940/em_app.htm#BABCEEAH.
However when I am trying to start the application server using 'opmnctl startall' the server is not starting and some timeout is getting generated in the log file.
Is it that enabling SSL will only make the EM console secured? Then how to enable SSL for other soa components like - BPEL,ESB,OWSM? Are there any documentations available?
Also please let me know how can I enable SSL for Oracle Application server console?
Please any advice will be appreciated. I am in the middle of a project delivery.
Thanks

Hi,
Let me first highlight the installation that I have done. I have installed SOA components with 'basic installation' mode.
The log file under <ORACLE_SOA_HOME>/opmn/config/ has generated the following stack:-
08/07/25 11:03:34 Start process
08/07/25 11:03:37 WARNING: XMLApplicationServerConfig.overwriteSiteConfigPort Port assignment is ignored: web-site not found in the server OC4JServiceInfo id: default-web-site protocol: http hostname: null port: 8890 description: null
08/07/25 11:03:37 WARNING: XMLApplicationServerConfig.overwriteSiteConfigPort Port assignment is ignored: web-site not found in the server OC4JServiceInfo id: secure-web-site protocol: https hostname: null port: 1156 description: null
08/07/25 11:03:47 log4j:WARN No appenders could be found for logger (wsif).
08/07/25 11:03:47 log4j:WARN Please initialize the log4j system properly.
08/07/25 11:03:53 WARNING: OC4J Service: ascontrol-web-site with protocol: https and port: 1156 was not declared in opmn.xml
08/07/25 11:03:53 Oracle Containers for J2EE 10g (10.1.3.1.0) initialized
08/07/25 11:03:53 WARNING: OC4J will not send ONS ProcReadyPort messages to opmn for service: OC4JServiceInfo id: default-web-site protocol: http hostname: null port: 8890 description: null
08/07/25 11:03:53 default-web-site hostname was null
08/07/25 11:03:53 WARNING: OC4J will not send ONS ProcReadyPort messages to opmn for service: OC4JServiceInfo id: secure-web-site protocol: https hostname: null port: 1156 description: null
08/07/25 11:03:53 secure-web-site hostname was null
On the command prompt I am getting the following error:-
opmn id=CALTP8BB32:6203
0 of 1 processes started.
ias-instance id=home.CALTP8BB32.cts.com
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ias-component/process-type/process-set:
default_group/home/default_group/
Error
--> Process (index=1,uid=301928631,pid=2944)
failed to start a managed process after the maximum retry limit
Log:
D:\product\SOASuite\opmn\logs\\default_group~home~default_group~1.log
--------------------------------------------------------------+---------
ias-component | process-type | pid | status
--------------------------------------------------------------+---------
OC4JGroup:default_group | OC4J:home | N/A | Down
ASG | ASG | N/A | Down
Please let me know where am I going wrong?
Thanks,
Mandrita.

WebCache Down (OAS 10g - 10.1.2.0.2)

Hello All,
Iam facing problems with starting WebCache on Windows 2003, here is what my event_log says :
[07/Jul/2011:18:25:59 +0300] [alert 13601] [ecid: -] Signal SIGSEGV caught
[07/Jul/2011:18:25:59 +0300] [notification 9612] [ecid: -] OracleAS Web Cache 10g (10.1.2), Build 10.1.2.0.2 050802
[07/Jul/2011:18:25:59 +0300] [notification 13002] [ecid: -] Maximum allowed incoming connections are 700
[07/Jul/2011:18:25:59 +0300] [alert 13305] [ecid: -] Failed to assign port 80: Address is already in use
[07/Jul/2011:18:25:59 +0300] [alert 9707] [ecid: -] Failed to start the server.
[07/Jul/2011:18:25:59 +0300] [alert 9609] [ecid: -] The server process could not initialize.
[07/Jul/2011:18:26:03 +0300] [notification 9612] [ecid: -] OracleAS Web Cache 10g (10.1.2), Build 10.1.2.0.2 050802
[07/Jul/2011:18:26:03 +0300] [notification 13002] [ecid: -] Maximum allowed incoming connections are 700
[07/Jul/2011:18:26:03 +0300] [alert 13305] [ecid: -] Failed to assign port 80: Address is already in use
[07/Jul/2011:18:26:03 +0300] [alert 9707] [ecid: -] Failed to start the server.
[07/Jul/2011:18:26:03 +0300] [alert 9609] [ecid: -] The server process could not initialize.
[07/Jul/2011:18:26:03 +0300] [notification 9612] [ecid: -] OracleAS Web Cache 10g (10.1.2), Build 10.1.2.0.2 050802
[07/Jul/2011:18:26:03 +0300] [notification 13002] [ecid: -] Maximum allowed incoming connections are 700
[07/Jul/2011:18:26:03 +0300] [warning 11917] [ecid: -] SSL wallet Origin Server Wallet file SYSTEM DEFAULT LOCATION (See Documentation)\ewallet.p12 does not exist.
[07/Jul/2011:18:26:03 +0300] [warning 11917] [ecid: -] SSL wallet Origin Server Wallet file SYSTEM DEFAULT LOCATION (See Documentation)\ewallet.der does not exist.
[07/Jul/2011:18:26:03 +0300] [warning 11919] [ecid: -] The SSL wallet autologin file SYSTEM DEFAULT LOCATION (See Documentation)\cwallet.sso does not exist. Wallet does not appear to be autologin wallet.
[07/Jul/2011:18:26:03 +0300] [warning 11921] [ecid: -] The origin server wallet did not open. Operating without wallet for backend. Only Diffie-Hellman anonymous connections supported to origin servers.
[07/Jul/2011:18:26:03 +0300] [warning 11922] [ecid: -] Origin Server Wallet wallet fails to open at location SYSTEM DEFAULT LOCATION (See Documentation), NZE-28759, as user SYSTEM
[07/Jul/2011:18:26:05 +0300] [alert 13601] [ecid: -] Signal SIGSEGV caught
[07/Jul/2011:18:26:05 +0300] [notification 9612] [ecid: -] OracleAS Web Cache 10g (10.1.2), Build 10.1.2.0.2 050802
[07/Jul/2011:18:26:05 +0300] [notification 13002] [ecid: -] Maximum allowed incoming connections are 700
[07/Jul/2011:18:26:05 +0300] [alert 13305] [ecid: -] Failed to assign port 80: Address is already in use
[07/Jul/2011:18:26:05 +0300] [alert 9707] [ecid: -] Failed to start the server.
[07/Jul/2011:18:26:05 +0300] [alert 9609] [ecid: -] The server process could not initialize.
I have performed following steps to overcome the problem :
This is what i have done on the first attempt :
1) replaced port 80 by 7777 in webcache.xml
2) added 'Listen 7777' in httpd.conf
3) restarted opmn
Following steps done on the second attempt :
1) replaced port 80 by 7779 in webcache.xml
2) added 'Listen 7779' in httpd.conf
3) restarted opmn
My webcache and webcacheadmin shows down in the opmnctl status.
Both above attempts were unsuccesful, Please support with a solution to above issue. We are on Windows 2003 R2, OAS 10g r2 (10.1.2.0.2). My webcache has been down for past 3 days and one thing i have noticed is that it is not writing any logs to $ORACLE_HOME\webcache\access_log. Access_log file was way too long when i checked 2 days ago so i moved the access log to a different location and re-created access_log by editing webcache.xml, i dont understand whether existing problem is due to port conflict or it is an issue with webcache unable to write to access_log. The current size of access_log is zero.
Look forward to your urgent support.
Thanks
Mir

Hello Fabian,
I have also got following from tracedump under $ORACLE_HOME\WEBCACHE\LOGS, Hope its not some critical issue relating to server hardware itself :
<Reason>
Caught EXCEPTION_ACCESS_VIOLATION
Faulting Instruction Address: 0x414ae4
Operation Type: read
Faulting Address: 0x65686351
</Reason>
<StackTrace>
<StackFrame Caller="_wxhtres_GrowSHSB_x+cb" Type="CALLrel" Callee="_wxmmFreeF+0" Arguments="65686361 51DC88 0 3E8 400 51DCB4"/>
<StackFrame Caller="_wxhtresInit+8e" Type="CALLrel" Callee="_wxhtres_GrowSHSB_x+0" Arguments="3E8 32DB18 51CFFC 50576C 0 23 40 51D000 B7E018 0 1FE8 2000 51D02C"/>
<StackFrame Caller="_InitInstance+f8" Type="CALLrel" Callee="_Shared_Init+0" Arguments=""/>
<StackFrame Caller="_StartMain+f1" Type="CALLrel" Callee="_InitInstance+0" Arguments="400000"/>
<StackFrame Caller="_WinMain@16+13" Type="CALLrel" Callee="_StartMain+0" Arguments="400000 0 1424AD A"/>
<StackFrame Caller="_WinMainCRTStartup+12f" Type="CALLrel" Callee="_WinMain@16+0" Arguments=""/>
<StackFrame Caller="77E6F238" Type="CALLreg" Callee="00000000" Arguments=""/>
</StackTrace>
<AddressDump>
Argument/Register addr=51dc88.
Dump of memory from 0x51DC48 to 0x51DD88
0051DC40 2065736E 416D654D 20726464 3022203D 22782578 00000A3E
0051DC60 523C7325 6F707365 2065736E 416D654D 20726464 4E22203D 5620746F 64696C61
0051DC80 0A3E2F22 00000000 2F3A7622 6361726F 632F656C 70796C61 732F6F73 682F6372
0051DCA0 2F707474 74687877 2E736572 343A2263 00323437 2F3A7622 6361726F 632F656C
0051DCC0 70796C61 732F6F73 682F6372 2F707474 74687877 2E736572 343A2263 00333337
0051DCE0 2F3A7622 6361726F 632F656C 70796C61 732F6F73 682F6372 2F707474 74687877
0051DD00 2E736572 343A2263 00383137 2F3A7622 6361726F 632F656C 70796C61 732F6F73
0051DD20 682F6372 2F707474 74687877 2E736572 343A2263 00353138 63616E69 69766974
0051DD40 742D7974 6F656D69 632D7475 696B6F6F 00000065 62616E65 0064656C 63616E69
0051DD60 69766974 742D7974 6F656D69 00007475 422E5055 73776F72 002F7265 756E694C
0051DD80 00000078 4F6E7553
Argument/Register addr=32db18.
Dump of memory from 0x32DAD8 to 0x32DC18
0032DAC0 00000000 00000000
0032DAE0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0032DB00 00B7E000 00BF4000 00B43E10 00000028 00000000 0051D000 61724F20 41656C63
0032DB20 65572D53 61432D62 2D656863 2F673031 312E3031 302E322E 0000322E 00000000
0032DB40 005E5990 00000030 00000000 00527CB8 6216F340 6216F3B0 00000000 00000000
0032DB60 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0032DB80 005E5990 00000030 00000000 00527CB8 00000002 00000005 00000005 0032DB50
0032DBA0 0100323C 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0032DBC0 005E5990 00000030 00000000 00514F00 4F5C3A43 746D6172 6265775C 68636163
0032DBE0 742E5C65 0000706D 00000000 00000000 00000000 00000000 00000000 00000000
0032DC00 00E80100 00C40100 011F0210 00000028 00000000 00525EB8
Argument/Register addr=51cffc.
Dump of memory from 0x51CFBC to 0x51D0FC
0051CFA0 6D616572
0051CFC0 00000000 74786574 6C6D782F 00000000 74786574 6D74682F 0000006C 2F494743
0051CFE0 00312E31 50545448 312E312F 00000000 70747468 0000002F 00000020 00732520
0051D000 2F3A7622 6361726F 632F656C 70796C61 732F6F73 682F6372 2F707474 74687877
0051D020 2E736572 333A2263 00003631 2F3A7622 6361726F 632F656C 70796C61 732F6F73
0051D040 682F6372 2F707474 74687877 2E736572 333A2263 00003930 2F3A7622 6361726F
0051D060 632F656C 70796C61 732F6F73 682F6372 2F707474 74687877 2E736572 333A2263
0051D080 00003035 2F3A7622 6361726F 632F656C 70796C61 732F6F73 682F6372 2F707474
0051D0A0 74687877 2E736572 343A2263 00003230 2F3A7622 6361726F 632F656C 70796C61
0051D0C0 732F6F73 682F6372 2F707474 74687877 2E736572 343A2263 00003932 2F3A7622
0051D0E0 6361726F 632F656C 70796C61 732F6F73 682F6372 2F707474 74687877
Argument/Register addr=50576c.
Dump of memory from 0x50572C to 0x50586C
00505720 39312029 202C3939 35303032 724F202C 656C6361
00505740 6C41202E 6972206C 73746867 73657220 65767265 00002E64 6361724F 572D656C
00505760 432D6265 65686361 00000000 6361724F 5341656C 6265572D 6361432D 312D6568
00505780 312F6730 2E312E30 2E302E32 00000032 6361724F 4120656C 696C7070 69746163
005057A0 53206E6F 65767265 00002F72 00000000 75626564 00000067 00000000 00000000
005057C0 00000000 63617274 00000065 00000000 00000000 00000000 69746F6E 61636966
005057E0 6E6F6974 00000000 00000000 6E726177 00676E69 00000000 00000000 00000000
00505800 6F727265 00000072 00000000 00000000 00000000 72656C61 00000074 00000000
00505820 00000000 00000000 65746E69 6C616E72 00000000 00000000 00000000 0000002D
00505840 255B7325 5B205D73 25207325 00205D64 255B7325 5B205D73 25207325 5B205D64
00505860 64696365 5D2D203A 00000020
Argument/Register addr=b7e018.
Dump of memory from 0xB7DFD8 to 0xB7E118
00B7DFC0 00000000 00000000
00B7DFE0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00B7E000 0116A200 0032DB00 00B43E10 00001FE8 00000000 0051D02C 63736E6F 6E65696C
00B7E020 6C642E74 00B4006C 00B44090 62BF7CC0 00B82010 62BF7CE0 00B82010 6090BE60
00B7E040 00B8202C 6090BEF0 00B8202C 6090BBB0 00B8202C 62BF7CE0 00B82010 00B7E0CC
00B7E060 2D465455 00003631 00000000 00000000 00000000 00000000 00000000 00000000
00B7E080 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Repeat 1 times
00B7E0C0 00000000 00000001 00000000 0000008C 0000028C 0000038C 00000000 00000000
00B7E0E0 00000000 00B44090 02020060 0000000C 004203E8 00010042 00000001 00000000
00B7E100 01B70000 00B901A0 00B90000 00000042 00030001 01010100
Argument/Register addr=400000.
Dump of memory from 0x3FFFC0 to 0x400100
003FFFC0 ******** ******** ******** ******** ******** ******** ******** ********
Repeat 1 times
00400000 00905A4D 00000003 00000004 0000FFFF 000000B8 00000000 00000040 00000000
00400020 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000000E8
00400040 0EBA1F0E CD09B400 4C01B821 685421CD 70207369 72676F72 63206D61 6F6E6E61
00400060 65622074 6E757220 206E6920 20534F44 65646F6D 0A0D0D2E 00000024 00000000
00400080 1E4339BD 4D2D58F9 4D2D58F9 4D2D58F9 4D214482 4D2D58F3 4D23447A 4D2D58F1
004000A0 4D274796 4D2D58F2 4D294796 4D2D58FB 4D3E479B 4D2D58F7 4D2C58F9 4D2D5967
004000C0 4D277ECF 4D2D5948 4D297806 4D2D58E9 68636952 4D2D58F9 00000000 00000000
004000E0 00000000 00000000 00004550 0004014C 461D6E2B 00000000 00000000 030700E0
Argument/Register addr=1424ad.
Dump of memory from 0x14246D to 0x1425AD
00142460 00740072 00050003 00080174 00002ACB 00260D38
00142480 002616B8 00261B58 00030009 000C016B 5C3A4322 6D61724F 69625C74 65775C6E
001424A0 63616362 2E646568 22657865 412D2220 2D222022 4E4D504F 2D222022 22202255
001424C0 37303931 37303635 00223835 00000000 0009005E 00080160 001427C8 00142AE8
001424E0 00270000 0000000C 002AE986 00000000 00000000 00000000 00000000 00000000
00142500 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Repeat 4 times
001425A0 00000000 00000000 00000000 00000000
</AddressDump>
<DataStructure>
<bCalypsoAdminServer value = "1"/>
<CurrentFiber MemAddr = "0x0"/>
<Fibers MemAddr = "0x5d6248">
<Fiber MemAddr = "0x5d6248">
<IsBlocked value = "false"/>
<Operation_History value=""/>
<FiberFunctionStack>
<Function Mem_Addr = "0x5d62b8">
<Name value = "Unknown Function"/>
<nState value = "0"/>
<nAbortState value = "0"/>
State Dump Not Implemented
</Function>
</FiberFunctionStack>
<Start_Time_Seconds value = "0"/>
<Start_Time_Micro value = "0"/>
<pParams value = "0x0"/>
</Fiber>
<Fiber MemAddr = "0xc34818">
<IsBlocked value = "false"/>
<Operation_History value=""/>
<FiberFunctionStack>
<Function Mem_Addr = "0xc34888">
<Name value = "Unknown Function"/>
<nState value = "0"/>
<nAbortState value = "0"/>
State Dump Not Implemented
</Function>
</FiberFunctionStack>
<Start_Time_Seconds value = "0"/>
<Start_Time_Micro value = "0"/>
<pParams value = "0x0"/>
</Fiber>
</Fibers>
<_HTTPConfig MemAddr = "Not Valid"/>
<_HTTPState MemAddr = "Not Valid"/>
</DataStructure>
</TraceDump>
Thanks
Mir

Enable SSL over iWS4.1SP7 & iAS 6.0SP2

Hi,
I am running iPlanet Web Server (WS4.1SP7)with two instances running, with one instance runing in "Encryption" mode for SSL access.
Both instances access the same WAR modules in iPlanet Application Server (iAS6SP2).
I have successfully installed the SSL cert in the iWS encryted instance.
However, SSL access was available across the whole site, we want the Login module (login.war) with SSL enabled only.
I have enabled "secure session" for the login.war Web Application module. However iWS won't automatically switch to SSL mode.
So far I only came up with this solution:
Set-up URL prefixes (https://mysite/) in iWS with /NASApp/login/ so that all access to http://mysite/NASApp/login will redirect to https://mysite/NASApp/login
(I don't think this is a good idea as the whole site still have SSL enabled (i.e. https://mysite/index.html)
What are the correct steps to configure SSL access (directory level) in iWS and iAS?
Are there any documents to follow?
Thanks,
Kasnol Abrinski

I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
on a URL that looks like this :
http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
and gives the error :
( Forbidden
You don't have permisission to access /sso/auth on this server at port 7777)
when I manually change the URL to :
https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
the SSO works correctly.
The question is :
How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
Any ideas ?
Thanks in advance

Weblogic 10.3.2 as a replacement of OAS 10g full of Oracle Forms

hello, quick question: Can I take a entire system in Oracle Forms with OAS 10g technology and deploy them on a Weblogic 10.3.2 as an upgrade/replacement option ?
Can weblogic run Oracle forms out of the box or is there a vendor lock-in trick ?
Thanks in advance,
fabio

Out of the box, WLS is not able to run Oracle Forms.
At the time of this writing, for a complete replacement you need the following components:
- WLS 10.3.2
- OFM 11g Forms
(optional for single sign-on)
- OFM 11g OID
- AS 10.1.4 OID DAS and mod_osso
HTH,
--olaf

Enabling SSL in R12

Is it possible to enable SSL on R12 without using a valid certificate? I am currently reviewing doc 376700.1 but do not have a working instance yet.

Hi,
You can try a [free trial certificate|http://www.verisign.com/ssl/buy-ssl-certificates/free-ssl-certificate-trial/index.html] which is valid for 14 days only -- This is already mentioned in the document (under "Digital Certificate (Public Key)").
Regards,
Hussein

How to enable ssl in ohs

I installed the web tier (ohs and web cache) 11.1.1.2 on 2008 r2 64 bits. Also I patched that to 11.1.1.3 I did not think and this may
be where I went wrong, I needed to install weblogic?. I have not done anything with webcache. yet.
I had imagined I could enable ssl in apache the way it is done on other installations just by putting entries in
the ssl.conf like SSLCertificateFile and SSLCertificateKeyFile . But no. The software will not allow you to do that.
I believe the certificate has to go in a wallet (for ohs. Other fusion things want a different plan). There's multiple
wallet programs already there such as from installing the database. I find that the wallet program will not allow
me to use the csr I already created that was used to get the certificate I have gotten. oops!
So anyone know if there is a way around this so I can use the .crt and .key I have for this domain name?
This is really taking a lot of time. I suppose I could install apache, the regular one, on this machine so that I
could use an ssl connection to that and then hand it over to ohs. Since it wasn't going anywhere it wouldn't
be much of a problem the traffic wasn't encrypted.
Edited by: lake on Nov 23, 2010 7:11 PM

I thought I'd never get this to work. No one should bother trying without reading the docs
1226484.1 and 1218603.1 on metalink.
While it could be that one could use a reverse proxy such as using proxypass and proxypass reverse
in an apache web server so that ssl could be configured in the other server, I saw reports of that not always working.
Otherwise if one did not install weblogic I believe the only way to configure ssl with this version of ohs is with orapki the command line
interface for handling wallets, or the gui wallet application which I found on the 11gr2 database menu under "integrated management tools". You may be able to add an existing csr to a wallet via the orapki interface.
If you were using a separate key and certificate you may be able to change them to the wallet requirements given sufficient knowledge of opensll. That was more knowledge than I had. So what I did
was start over from scratch totally. I created the csr in the wallet gui, exported it, submitted it, and got a totally new cert from our cert source.
What I used for the wallet "operations, import user certificate" was a .cer file, and it worked. The wallet already had our CA in it so I did not have to fight that battle. Hallelujah.
It is essential to check on the "Wallet" menu the "Auto Login" selection before saving it. When you save a wallet
it will be called cwallet.sso if it is autologin. If the saved file is called ewallet.p12 it is not autologin and will not
work for ohs.
After you have saved your wallet as cwallet.sso say in
"....instances\instance1\config\OHS\ohs1\mykeys"
then you would need to check the ssl.conf and it would need to be like so:
SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/mykeys"
Note that is to the directory the sso file is in.
But wait there's more....
on windows 2008 r2, you need to get fire up windows explorer and navigate to your cwallet.sso file
Under properties, security you need to add SYSTEM in "group or user names" and give it all permissions possible.
Secondly, you need to go under properties, security, advanced, owner and change the owner to SYSTEM.
Without these changes it will never work because the web server cannot open the wallet.
Remember by default the logs go in
"....instances\instance1\diagnostics\logs\OHS\ohs1"
I became very familiar with them :-)

To enable SSL in Apex 3.1.2, wallet must or not

Hi Experts,
We have to enable SSL in Apex 3.1.2. We are using Companion HTTP server as a Application Server.
My question is,
To enable SSL we need to create wallet or not?
Please clarify my doubt.
Thanks
R.Sundaravel

Usually a Wallet is created at installation time with a dummy certificate for SSL.
If you are planning to use a certificate from any commercial CA, you should go ahead and create a new Wallet, then create the certificate request and send it to the CA to get your certificate.
After that change the ssl virtual host configuration to point to the new wallet.

Issue with one of the Managed server while enabling SSL.__ Issue Resovled

Weblogic version:wls 8.1sp6
SSL: internal
Environment:
1 AdminServer and 2 Managed servers. Admin and M1 are on same host. M2 is on different host. We have enabled SSL on M1 & M2 only. Configuration of M1 & M2 are identical. After restarting the servers M1 has no issue with SSL but M2 throws javax.net.ssl.SSLKeyException as shown below,
<Aug 4, 2008 12:29:01 PM BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<Aug 4, 2008 12:29:02 PM BST> <Info> <WebLogicServer> <BEA-000213> <Adding address: 10.96.201.249 to licensed client list>
<Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090171> <Loading the identity certificate stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
<Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090170> <Loading the private key stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Error> <Cluster> <BEA-000141> <TCP/IP socket failure occurred while fetching statedump over HTTP from -6401422690190304510S:lonlxwebhost99:[16544,16544,16042,16042,16544,16042,-1,0,0]:etg:lonwpyq_16543_1.
javax.net.ssl.SSLKeyException: [Security:090773]The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
at weblogic.cluster.HTTPExecuteRequest.connect(HTTPExecuteRequest.java:73)
at weblogic.cluster.HTTPExecuteRequest.execute(HTTPExecuteRequest.java:121)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)>
Please let me know where I am going wrong. Thnx in advance
Message was edited by:
Shashi_sr

Solution given by BEA Engineer:
<Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
The reason for this was
The CA Certificate was missing a required bit (according to RFC 3280).
keyEncipherment bit is not in the KeyUsage and KeyUsage is marked as critical.
As per RFC:
The keyEncipherment bit is asserted when the subject public key is
used for key transport. For example, when an RSA key is to be
used for key management, then this bit is set.
According to RFC3280, when the key will be used to encrypt other keys that are send over the wire ("key transport") the keyEncipherment bit of the KeyUsage extension must be set. If the KeyUsage extension is critical, the SSL certificate validation will check that the key can be used in the key agreement. That is, that the key can be used to encrypt the symmetric public key.
Your KeyUsage only contains the following bits:
[4]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
Since it is marked Critical, it MUST have the keyEncipherment bit.
Otherwise, it should not be marked as Critical.
So the three solutions that should work are
1) Remove keyUsage
2) Don't mark keyUsage as critical
3) If keyUsage is critical, make sure keyEncipherment bit is set.

Migration from OAS 10g to Weblogic 10.3

Hello,
I migrate large app from OAS 10g to Weblogic 10.3.
1.
The main part of the job was to prepare descriptors for Weblogic. Unfortunatelly I don't find any tool that could do the job:( There are some problems with descriptors namespaces. This schema and namespaces given in 10.3 docs are not working (not available):
http://edocs.bea.com/wls/docs103/ejb/DD_defs_reference.html
So I use the one from 10 release in weblogic-ejb-jar.xml:
weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/10.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/10.0 http://www.bea.com/ns/weblogic/10.0/weblogic-ejb-jar.xsd">
and form 9 release in weblogic-cmp-rdbms-jar.xml:
<weblogic-rdbms-jar xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-rdbms20-persistence.xsd">
There are also some bugs in docs about ejb relations.
After fixing some schema compliance exc this step success.
2. Next the EJBComplianceChecker - its much more restrictive than OAS verification. So updates in ejb interfaces are necessary. It is not a problem with small app but when there ale a lot of code/branches to migrate it's become a problem. I have been looking for some switch that could help with this but with no result/
EJBComplianceChecker - Spec veryfication level
3. Now after EJB compliance checker done its job with success I have an exception that I do not understand:
An error occurred during activation of changes, please see the log for details.
Exception
preparing module: EJBModule(corpo_ejb.jar)
Unable to deploy EJB: corpo_ejb.jar from corpo_ejb.jar:
There are 1 nested errors:
java.io.IOException: JDT compilation error! at
weblogic.ejb.container.ejbc.CompilerForJDT.compile(CompilerForJDT.java:66)
at
weblogic.ejb.container.ejbc.EJBCompiler.doCompile(EJBCompiler.java:357)
at
JDT compilation error!
Could you please give me some point where the problem could be? I don't have any idea where to start looking for..
What are your experiences with migrations from OAS to Weblogic 10?
Thanks in advance!
Edited by: Stoigniew Sztank on Oct 10, 2008 4:00 AM
Edited by: Stoigniew Sztank on Oct 10, 2008 4:01 AM
Edited by: Stoigniew Sztank on Oct 10, 2008 4:02 AM
Edited by: Stoigniew Sztank on Oct 10, 2008 4:04 AM
Edited by: Stoigniew Sztank on Oct 10, 2008 8:05 AM

Hi Stoigniew Sztank,
I am working on migrating Enterpirse application developed using Struts, Ejb2.0, JMS. Its been deployed on OAS 10G and Websphere, but I need to deploy the application on Weblogic 10.3. It seems you have migrated a J2ee application from OAS 10G to Weblogic 10.3. Please can you list me the steps that you followed to migrate the application.
As per my understanding follwing things needsto be taken care of:-
1) Weblogic Descriptor files:
1.1 Weblogic.xml:- we added security roles and ejb-reference-description for the ejbs.
1.2 Weblogic-ejb-jar.xml for all the ejbs used in the application.
1.3 Weblogic-application.xml
1.4 Resource Adapter
2) JMS queue set up
3) JDBC set up
It would be a great help if you can let me know what are the steps to migrate the application.
Thanks and Regards
Deepak Dani

Configuring php5 with enable XML on OAS 10.1.3.x

My requirement is to enable XML on OAS 10.1.3.5.
I am not sure how to configure it, so I stated using separate PHP5.2 to configure with XML enable on the server. After installation, when I am starting the opmn services I am getting below error. I think the error with platform. Which means current OS version is 64bit and php5.2 stage is 32bit version I guess.
OAS_HOME=/u20/app/MSRV1P/apmsrv1p/oracle/product/OAS
URL : http://nacisdell277.us.oracle.com:10330/phpinfo.php
I used below command to configure :
./configure prefix=$ORACLE_HOME/php with-config-file-path=$ORACLE_HOME/Apache/Apache/conf --with-apxs=$ORACLE_HOME/Apache/Apache/bin/apxs
with-oci8=instantclient,/u20/app/MSRV1P/apmsrv1p/oracle/product/instantclient_10_2 with-config-file-path=/u20/app/MSRV1P/apmsrv1p/oracle/product/OAS/Apache/Apache/php5--enable-sigchild enable-xml enable-simplexml enable-libxml enable-dom enable-simplexml enable-xml enable-xmlreader enable-xmlwriter enable-simplexml –with-xsl -with-zlib with-xml --with-libxml-dir
Error :
/u20/app/MSRV1P/apmsrv1p/oracle/product/OAS/Apache/Apache/bin/apachectl startssl: execing httpd
Syntax error on line 247 of /u20/app/MSRV1P/apmsrv1p/oracle/product/OAS/Apache/Apache/conf/httpd.conf:
Cannot load /u20/app/MSRV1P/apmsrv1p/oracle/product/OAS/Apache/Apache/libexec/libphp5.so into server: /u20/app/MSRV1P/apmsrv1p/oracle/product/OAS/Apache/Apache/libexec/libphp5.so: wrong ELF class: ELFCLASS64
I checked in the Metalink for “configuring php5 with enable XML on OAS 10.1.3.x” but I couldn’t find anything.
Please advise me on this.
Thanks

Hello;
You can try installing glibc-devel to fix this.
However on my version :
Application Server Control Release 10.1.2.3.0 - PHP 5 does not seem to work. The conflict on mine is that PHP 4 came wrapped in the Oracle install and they don't play well together.
Make sure your httpd.conf does not have this in it :
LoadModule php4_module libexec/libphp4.soI'm NOT advising you to remove it if its there, I'm merely pointing to a possible conflict.
Best Regards
mseberg
Later
Glad you don't have the same version as me. Hard to find anything on this, found these ( Not exact matches )
http://php.net/manual/en/oci8.installation.php ( Search for ELF )
http://enlinea.creaelicita.cl/guia/oci8.setup.html
http://docs.oracle.com/cd/E17390_01/doc.650/e17370.pdf
Found this in the pdf : ( Similar )
If the following error is received:
*ERROR* - obssocookie: could not dlopen()
/opt/netpoint/AccessServerSDK//oblix/lib/libobaccess.so:
/opt/netpoint/AccessServerSDK//oblix/lib/libobaccess.so: wrong ELF class:
ELFCLASS32
This indicates that the 32-bit version of the Access Gate SDK was installed instead of
the required 64-bit version. Edited by: mseberg on Feb 4, 2012 5:53 AM
Still later
Another thought is the PHP forum :
PHP
Also you need the 32bit Instant Client to be able run PHP. See http://blogs.oracle.com/opal/entry/using_php_oci8_with_32-bit_php
Same OS message :
ORA-03106: fatal two-task communication protocol error
Edited by: mseberg on Feb 4, 2012 7:03 PM
Rogue Notes from my Fusion Middleware on Red Hat 5 64 bit
I downloaded php-5.3.5.tar.gz from http://www.php.net/downloads.php.
Download the OCI headers http://www.oracle.com/technetwork/middleware/ias/ociheaders-134541.tar
environment
export ORACLE_HOME=/u01/app/oracle/product/fmw/oracle_pfrd
export ORACLE_INSTANCE=/u01/app/oracle/product/fmw/fr_inst
export CONFIG_FILE_PATH=$ORACLE_INSTANCE/config/OHS/ohs1
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/ohs/lib:$LD_LIBRARY_PATH
Configure with Oracle Database (OCI8) support:
./configure with-apxs2=$ORACLE_HOME/ohs/bin/apxs prefix=$ORACLE_HOME with-config-file-path=$CONFIG_FILE_PATH with-oci8=$ORACLE_HOME --disable-rpath
httpd.conf
# And for PHP 5.x use:
AddType application/x-httpd-php .php .phtml
Edited by: mseberg on Feb 4, 2012 7:19 PM
Edited by: mseberg on Feb 5, 2012 11:48 AM

Can I set classpath for OAS 10g?

Hi, 
 
I have OAS on my workstation. Here are the details. 
Server : Oracle Application Server 10g Release 3 
Version : 10.1.3.1.0 SOA4 
Build : 061008.0900.00025 
Platform : Windows XP - SP2 
 
I want to set an explicit classpath for complete OAS 10g as such and not to an individual oc4j application. Will I be able to do it? 
I saw the System Properties after my server started. 
It has a name-value pair as "java.class.path oc4j.jar". 
So, I assume all my classpath settings (done thru Environment Variables from My Computer) are lost.? I want to set it explicitly during the server startup itself. Can I do that? 
I tried setting below in the opmn.xml 
<process-set id="ASG" numprocs="1"> 
<module-data> <category id="start-parameters"> <data id="start-executable" value="C:\Oracle\product\10.1.3.1\OracleAS_1\jdk\bin\java"/> <data id="start-args" value="-classpath C:\abc\properties\"/> 
I appended my properties folder after all the jar files present in that tag. 
But its not loading any of my properties files. 
 
Can someone please help me out. 
 
Regards, 
 
Prashanth Babu.

No, the iPad does not support multiple user accounts or preferences.

Enabling SSL in oracle EBS 12.0.6

Dear All,
I want to enable SSL (secure socket layer). in oracle ebs R12,
Application is 12.0.6
Web/Apache server is 10.1.3
Form and reports server 10.1.2
Database server 10.2.0.4.0
there is required any upgrade patch before enable ssl ?
Thanks & Regards
Ravi Kumar

Hi Ravi,
This is a duplicated thread, and you have raised a similar thread before..
Enabling SSL in oracle EBS 12.0.6
there is required any upgrade patch before enable ssl ?
You environment will support configuring SSL.
Please see note:
Enabling SSL in Oracle E-Business Suite Release 12 (Doc ID 376700.1)
Best Regards,

How to enable SSL optimization only for a single remote WAE and specific website?

Hi guys.
I have to enable SSL optimization for a specifc HTTPS website only and for a specific remote site only (branch office).
The scenario is as follows:
Multiple sites connected via a MPLS cloud. Each site has its own WAE device (module or appliance).
There is a central manager and core WAE in the main site (central site).
There is a website accessed via HTTPS by all the remote sites. This specific website is hosted within the main site.
For only a specific branch office (remote site) we want to enable SSL optimization for this specific website.
I saw this great and useful doc, but I still have some concerns.
https://supportforums.cisco.com/docs/DOC-16452
Basically, according to I see, I should do the following if I want to enable SSL optimization with the entire environment:
- export the certificate and keys;
- enable secure store in the central manager;
- In the remote and core WAE, Check "initialize CMS secure store" and "Open CMS Secure Store";
- In the core WAE, import the CA certificate (upload PEM file);
- In the core WAE, create the SSL Accelerated Service by:
    --importing the client certificate and the key;
    -- Match interesting traffic;
    -- Put the SSL Acc Service in service;
- Finally, make sure SSL acceleration is enabled in both remote and core WAE.
The concerns:
I only need to enable SSL optimization for a specific location accessing a specific website.
Should the steps above work fine If I enable the SSL service for this specific website in the core WAE and enabling secure store only in a single remote site (brach office)?
how will the other remote locations behave?
Will they access the website normally with no SSL optimization even passing thru the core WAE?
What about the other SSL sites which have no certificate? They will be treated as normal HTTPS with no optimization, right?
If the site uses proxy, will any flow be impacted?
If the steps above do not fit my case, how can I configure SSL optimization for only one remote WAE?
Thanks in advance.
importing the client certificate and key (client.crt and client.key exported from the Web server - See more at: https://supportforums.cisco.com/docs/DOC-16452#sthash.3BKz05zU.dpu

Hi guys.
I have to enable SSL optimization for a specifc HTTPS website only and for a specific remote site only (branch office).
The scenario is as follows:
Multiple sites connected via a MPLS cloud. Each site has its own WAE device (module or appliance).
There is a central manager and core WAE in the main site (central site).
There is a website accessed via HTTPS by all the remote sites. This specific website is hosted within the main site.
For only a specific branch office (remote site) we want to enable SSL optimization for this specific website.
I saw this great and useful doc, but I still have some concerns.
https://supportforums.cisco.com/docs/DOC-16452
Basically, according to I see, I should do the following if I want to enable SSL optimization with the entire environment:
- export the certificate and keys;
- enable secure store in the central manager;
- In the remote and core WAE, Check "initialize CMS secure store" and "Open CMS Secure Store";
- In the core WAE, import the CA certificate (upload PEM file);
- In the core WAE, create the SSL Accelerated Service by:
    --importing the client certificate and the key;
    -- Match interesting traffic;
    -- Put the SSL Acc Service in service;
- Finally, make sure SSL acceleration is enabled in both remote and core WAE.
The concerns:
I only need to enable SSL optimization for a specific location accessing a specific website.
Should the steps above work fine If I enable the SSL service for this specific website in the core WAE and enabling secure store only in a single remote site (brach office)?
how will the other remote locations behave?
Will they access the website normally with no SSL optimization even passing thru the core WAE?
What about the other SSL sites which have no certificate? They will be treated as normal HTTPS with no optimization, right?
If the site uses proxy, will any flow be impacted?
If the steps above do not fit my case, how can I configure SSL optimization for only one remote WAE?
Thanks in advance.
importing the client certificate and key (client.crt and client.key exported from the Web server - See more at: https://supportforums.cisco.com/docs/DOC-16452#sthash.3BKz05zU.dpu

How to add a java option in oas 10g 9.0.4?

I need add a java option in my oas 10g...
I have an application implemented with jdeveloper 10g (10.1.2) and its need to use other jdbc libraries acording:
http://radio.weblogs.com/0118231/stories/2005/05/27/workaroundForDeployingAdf1012AppUsingIntermediaDomainsToOracleAs904.html
Using EnterpriseManager, i add a java option for the OC4J instance where my ADF 10.1.2-based application will be deployed:
[b]-Xbootclasspath/p: C:\oracle\infra\jdbc-10.1.0.4\ojdbc14.jar;C:\oracle\infra\jdbc-10.1.0.4\orai18n.jar
but now, ths oc4j instance dont init
...my opmn.xml file contains:
<process-type id="ADF_050615" module-id="OC4J">
<module-data>
<category id="start-parameters">
<data id="java-options" value="-server -Xrs -Djava.security.policy=C:\oracle\infra\j2ee\ADF_050615\config\java2.policy -Djava.awt.headless=true
 -Xbootclasspath/p: C:\oracle\infra\jdbc-10.1.0.4\ojdbc14.jar;C:\oracle\infra\jdbc-10.1.0.4\orai18n.jar"
 />
<data id="oc4j-options" value="-properties"/>
</category>
<category id="stop-parameters">
<data id="java-options" value="-Djava.security.policy=C:\oracle\infra\j2ee\ADF_050615\config\java2.policy -Djava.awt.headless=true"/>
</category>
</module-data>
</process-type>
Help me please

Rigoberto, there should be no space between "-Xbootclasspath/p:" and the path "C:\oracle\infra\jdbc-10.1.0.4\ojdbc14.jar;C:\oracle\infra\jdbc-10.1.0.4\orai18n.jar"
By the way, one can always take a look at the logs at
 $ORACLE_HOME/opmn/logs
especially those files whose names start with OC4J~ if there is some wrong with oc4j processes. Those files are the default oc4j stout and sterr. If oc4j can not init, there should be some kind of error message in them.
By the way, the following line may be deleted since no property file is specified.
 <data id="oc4j-options" value="-properties"/>
Hope this helps.

Enabling SSL on OAS 10g (9.0.4)

Similar Messages

Maybe you are looking for