EPM in-place upgrade with SSL enabled

Hello Experts,
We plan to do an in-place upgrade of Hyperion product 933 to EPM 122 with SSL enabled.
My questions regarding this are:
1) Is it possible to do an in-place upgrade from 933 to 122 with SSL enabled?
2) What will be the risks of this plan?
3) Please suggest pros and cons for this.
Please reply to my questions soon, and suggest what would be better. Suggest ideas for this.
Thanks in advance,

980137 wrote:
Please reply to my questions soon, and suggest what would be better. Suggest ideas for this.
I think you should discuss your upgrade options with a consultant instead of trying to get answers to those sorts of questions on a forum.
Cheers
John
http://john-goodwin.blogspot.com/

Similar Messages

  • Starting Server with SSL Enabled

    I want to start iPlanet Directory Server 5.1 with SSL enabled, but it always asks me for the PIN token.
    I wrote the slapd-test-pin.txt file as follows:
    slapd-test-pin.txt
    -------begin-----------
    Token:test123456
    -------end ------------
    I put the slapd-test-pin.txt into /usr/iplanet/server/alias
    then, I restart directory server from command line.
    /usr/iplanet/servers/slapd-test/stop-slapd
    /usr/iplanet/servers/slapd-test/start-slapd
    What's wrong ?
    Thank you !!!!

    I have a similar problem. I actually do set the correct format of the certificate db password file, but the server still does not start and reports the following:
    [26/Sep/2003:17:21:11 -0400] - Sun-ONE-Directory/5.2 B2003.143.0014 (32-bit) starting up
    [26/Sep/2003:17:21:11 -0400] - ERROR<12362> - Connection - conn=-1 op=-1 msgId=-1 - PR_Bind() on address <all interfaces> port <636> failed : error -5966 (Access Denied.).
    I installed the certificate correctly. It was obtained from VeriSign with a ds 5.2 generated request.
    Any ideas?
    Thanks in advance!

  • WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

    Hi,
    I have a WCF service hosted using IIS 8.5 on an application server. The application servers are fronted with an NGINX load balancer with SSL enabled. The backend communication protocol between NGINX and the application server is HTTP.
    When a customer visits the public domain URL (https://xxx.com/service.svc), they can see the WSDL URL with http://xxx.com/service.svc?wsdl.
    What change should I make so that the WSDL URL will have https instead of http?
    This is service side configuration.
    <system.serviceModel>
        <services>
          <service name="Service.IService">
            <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
          </service>
        </services>
        <bindings>
          <basicHttpBinding />
        </bindings>
        <client />
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
    Thanks in advance !!

    Hi,
    For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceTypeBehaviors">
          <serviceMetadata httpsGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    For more information, you could refer to:
    http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
    http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
    Regards

  • How do i restart slapd with SSL enabled?

    I am running 5.2 with patch 3 for Solaris 8. I want to restart slapd using the restart-slapd command. However, the problem is that, with SSL enabled, I need to manually intervene and enter the token password. Is there any way to get around this?
    This wouldn't be an issue if I didn't have to automate the slapd restarts.
    Thanks.
    -Sowser

    If you haven't already, create a file as <serverRoot>/alias/slapd-<instance>-pin.txt and add the following to it
    Internal (Software) Token:yourcertdbpasswd
    Once done you will be able to avoid any manual intervention. This procedure is documented in the Admin guide

  • HFM and Workspace upgrade with SSL from 931 to 933

    Hi,
    We have upgraded our HFM and workspace components from 931 to 933.
    Webserver:Apache and AppServer : Weblogic 9.1
    We already had SSL enabled with 931, but another vendor had done it. Now, after the upgrade to 933, we cannot directly use https. Can anybody please let me know how to reconfigure SSL after performing the upgrade?
    We have hyp_ssl_pdf, but that doesn't give a proper clue as to what steps are to be followed.
    It would be great if somebody could throw light upon the procedure and steps to be followed.
    Thanks.

    Hi 3017122,
    The certificate specified by the "TrustedCAFile" parameter does not contain a valid certificate chain.
    Solution:
    1. Connect to https://<YourServer>/HyperionFinancialManagement - the secure sign (padlock) should appear on the browser showing that the connection was secure (bottom right for Internet Explorer 6.0).
    2. Double click the secure sign and go to the "Certificates Path" tab
    3. Make note of the chains
    4. Create a new TrustedCAFile with all those chains
    see http://e-docs.bea.com/wls/docs92/pdf/secmanage.pdf on page 128 and following
    5. Validate it with WebLogic's "java utils.ValidateCertChain" utility
    see http://e-docs.bea.com/wls/docs92/pdf/secmanage.pdf on page 149
    6. Modify the HYSL-Weblogic.conf parameter TrustedCAFile to point to the new certificate
    7. Restart Apache, Planning and Workspace services
    Drop me an email and I'll send you the doc...
    Good Luck,
    -David

  • Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled

    Hi
    We are performing LDAPSync for OIM-AD real-time sync. We have done all the configuration as per the Oracle documentation on LDAPSync for OIM 11gR2: http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version, OIM 11gR2 PS1 (11.1.2.1.0).
    We have performed LDAPSync enablement post-installation of OIM, so we don't have OVD; we have configured libOVD as mentioned in this doc.
    We have performed the following steps mentioned in this document in our OIM environment:
    3.1 Enabling Post installation LDAP Synchronization
    3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
    As attributes like password might not be getting updated in AD from OIM, we have configured SSL-enabled integration in LDAP sync as mentioned in the above document.
    We implemented step 3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
    but it is not properly described there how to import the public key certificate of AD into the OIM environment for SSL.
    We are getting the following error message in the logs. Looking at the logs, it looks like the import of the AD SSL certificate did not happen properly in the OIM environment. But we have imported it using keytool and the OVD keystore. Please let us know if we are missing any configuration in this process. The above Oracle document is not very clear on this.
    <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
    <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
    <Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2]  Unable to create connection to ldap://[10.88.164.231]:636 as null.
    javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
    at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
    at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
    at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
    at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
    at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
    ...more
    Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
    at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
    ...more
    Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
    at sun.security.validator.Validator.getInstance(Validator.java:161)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
    at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    Let us know for any helpful pointers on this
    Thanks in advance,
    RPB25

    Use the steps given below to import the public key certificate of AD into the OIM environment for SSL:
      1. Obtain the AD certificates from the AD administrator.
      2. Copy the AD certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
      3. Run the following command to import all the certificates:
         /jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystore cacerts -storepass changeit
      4. The CA certificates are now present in the trust store.

  • Inplace upgrade with WFA 3.1RC1

    Hi WFA Team,
    Does WFA 3.1 RC1 support in-place upgrade from WFA 2.2 or later? Reading the release notes and ISG doesn't seem to confirm the same.
    Regards
    Adai

    JoelEdstrom, this happens when your backup file is taken from one WFA machine and you are restoring it on a different WFA machine. Every WFA installation has a unique key for that particular OS box, and the saved credentials are encrypted/decrypted using that particular key. So the new WFA installation on a different machine will have a different key, and hence after the restore of the backup file, which is nothing but a MySQL dump, the saved credentials present in the WFA DB can't be decrypted using this key. That's why you need to put them back again, i.e. save them again with the new key on this box. So after restoring, you need to import the key as well and you'll save yourself this trouble. Look for how to do it in the WFA Installation and Setup Guide.
    sinhaa

  • Urgent JMS issue with SSL-enabled cluster

    Hello, dear All!
    We have deployed a SAP WebAS SP13 SSL-enabled cluster (2 servers) and face the following strange behaviour:
    When both servers are running our queue-based message driven beans (MDB EJBs) never get any messages.
    However, JMS topic subscriber threads (not implemented as MDBs) work fine on both servers and receive JMS broadcasts. As well web-initiated JMS queue browsing works fine.
    Then if only one (central) server is up, queue-based MDBs work fine and start receiving messages...
    If you know or guess what might be an issue it would be greatly appreciated!
    Thank you and best regards,
    -Yuri

    Hi!
    Yes, I solved this problem. You have to set your certificate to the LDAP server and get SSL enabled. You should also add same certificate to your jdk's cacerts file. That should help. :)
    Janne

  • Steps to configure Weblogic 10.3 with SSL enabled Sybase 12.5

    In WLS 10.3, there is a new feature for supporting the SSL encryption on Sybase 12.5.4.
    I want to connect from Weblogic 10.3 to the SSL enabled Sybase 12.5.4.
    Can anyone please provide step-by-step instructions for how to configure this on WebLogic 10.3? Do I need to create any custom class for this?
    Thanks

    Here is an example of connecting using the Sybase driver.
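    import java.sql.Connection;
    import java.sql.DriverManager;
    import com.sybase.jdbcx.SybDriver;

    // Load and register the Sybase jConnect driver
    SybDriver sybDriver = (SybDriver)
        Class.forName("com.sybase.jdbc3.jdbc.SybDriver").newInstance();
    sybDriver.setVersion(com.sybase.jdbcx.SybDriver.VERSION_6);
    DriverManager.registerDriver(sybDriver);
    // Replace <host>, <dbname>, <user> and <passwd> with your own values
    Connection conn = DriverManager.getConnection(
        "jdbc:sybase:Tds:<host>:5000?ServiceName=<dbname>", "<user>", "<passwd>");
    Not sure that the setVersion() call is absolutely necessary.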

  • Problem connecting to LDAP with SSL enabled

    Hi,
    I'm trying to connect to Active Directory with JNDI, but I got a few problems.
    I use Win2003 server, I tried the code from adler_steven (very good and works well), but I got a problem when I want to connect over TLS.
    Apparently, I have to install SSL/TLS on the machine. I tried to follow the howto http://support.microsoft.com/default.aspx?scid=kb;en-us;321051, but I got an error when I created a new certificate:
    Expected INF file section name 0xe0000000 (INF:-536870912) request.inf.
    I tried different things but without results.
    I'm not able to install it, so when I run the code I get the errors:
    IO Exception, Problem creating object: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
    It's the first time that I have used the JNDI API and LDAP (Active Directory), sorry for any incomprehension, but I really need to finish the program.
    Thanks in advance
    cyroul

  • OSB cluster setup with SSL

    Hi,
    Could anyone help me here?
    Cluster setup for OSB with SSL enabled:
    1) Admin and 2 managed servers are running on the same host
    2) Cluster domain created in development mode
    3) While starting the second managed server, I get the error below:
    <Oct 4, 2010 8:04:58 AM PDT> <Error> <ClusterTimer> <BEA-000000> <Cannot contact Admin server. Therefore constructing the Cluster Authority Current time with the time skew 0
    java.rmi.RemoteException: ClusterTimerAuthority error; nested exception is:
    javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://hostname:SSLport: Destination unreachable; nested exception is:
            java.io.IOException: Stream closed.; No available router to destination]
    at com.bea.wli.sb.init.RemoteClusterTimerAuthority.getClusterTimerAuthorityCurrentTime(RemoteClusterTimerAuthority.java:38)
    at com.bea.wli.timer.ClusterTimerService.clusterTimeAuthorityCurrentTimeMillis(ClusterTimerService.java:177)
    at com.bea.wli.timer.ClusterTimerService.initialize(ClusterTimerService.java:88)
    at com.bea.wli.sb.init.FrameworkStarter._preStart(FrameworkStarter.java:221)
    at com.bea.wli.sb.init.FrameworkStarter.access$000(FrameworkStarter.java:79)
    Truncated. see log file for complete stacktrace
    Thanks,
    Sushma.

    I faced the same issue too, but eventually the problem got resolved with the resolution below:
    Resolution: The managed server was not able to connect to t3s://hostname:sslport. The SSL configuration on the Admin server was wrong. After correcting the SSL setting on the Admin server, I was able to resolve this error.

  • OEL ldap client setup with SSL against OID using either ldaps or starttls

    Hi, I've got OID 11.1.1.1.0 running with SSL enabled on port 3132. It's running in mode 2, SSL Server Authentication mode (orclsslauthentication is set to 32). I'd like to setup my OEL 5.3 and Solaris 10 ldap clients to connect to OID using SSL for user authentication. I have everything already working on the non-SSL port (3060), but I need to switch over to SSL. So far I can't get it to work on either OEL or Solaris. Does anyone out there know how to configure the client to use SSL?
    Here's my /etc/ldap.conf file on OEL 5.3.
    timelimit 120
    bind_timelimit 120
    idle_timelimit 3600
    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
    URI ldaps://FQDN:3132/
    port 3132
    ssl yes
    host FQDN
    base dc=DOMAIN,dc=com
    pam_password clear
    tls_cacertdir /etc/oracle-certs
    tls_cacertfile /etc/oracle-certs/oid-test-ca.pem
    tls_ciphers SSLv3
    # filter to AND with uid=%s
    pam_filter objectclass=posixaccount
    #The search scope
    scope sub
    I have /etc/nsswitch.conf set to check for files first, then ldap
    passwd: files ldap
    shadow: files ldap
    group: files ldap
    Here's my /etc/openldap/ldap.conf file
    URI ldaps://FQDN:3132/
    BASE dc=DOMAIN,dc=com
    TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
    TLS_CACERTDIR /etc/openldap/cacerts
    TLS_REQCERT allow
    TLS_CIPHERS SSLv3
    The oid-test-ca.pem is a self-signed cert from the OID server. I also have the hash file configured.
    4224de9f.0 -> oid-test-ca.pem
    I can run ldapsearch using ldaps and it works fine.
    ldapsearch -v -d 1 -x -H ldaps://FQDN:3132 -b "dc=DOMAIN,dc=com" -D "cn=user,cn=users,dc=DOMAIN,dc=com" -w somepass -s sub objectclass=* | more
    But when I run the 'getent passwd' command, it only shows me my local user accounts and none of my ldap accounts. I also can't SSH in using a ldap account.
    Solaris 10 is actually a whole other beast...I'm using the native Solaris ldap client (not PADL based) and I don't think it even works with SSL unless you're using the default ports (389/636).
    Does anyone out there know how to setup the client-side for ldap authentication using SSL? Any tips, howto docs, or advice are appreciated. Thanks!

    Hello again...
    After some research and work together with Oracle Support, I found out how to get it to work:
    1. You have to create your own ConfigSet in OID using SSL-Server-Authentication (OpenSSL seems not to support SSL-encryption-only).
    The following link shows how to do that:
    http://otn.oracle.com/products/oid/oidhtml/oidqs/html_masters/a_port01.htm
    2. Add the following lines to your $HOME/ldaprc
    TLS_CACERT /home/frank/oid-caroot.pem
    TLS_REQCERT allow
    TLS_CIPHERS SSLv3
    ssl on
    tls_checkpeer no
    oid-caroot.pem is the CA root certificate you got during step 1
    3. You should now be able to use ldapsearch using SSL
    If you still can't connect using SSL, you may have run into another issue with OpenSSL which affects systems using OpenSSL version 0.9.6d and above. The problem seems to be caused by a security fix which may not be compliant with the SSL implementation of Oracle.
    I opened a bug for that problem with RedHat. This bug description also includes a proposal for a patch which solves the problem (but may introduce some security risks). See the bug at RedHat:
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123849
    Bye
    Frank Berger
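
The client settings posted in this thread, checked mechanically (an added example, not part of the original posts): the script parses ldap.conf/ldaprc directives and reports the ones that relax server-certificate checking. The rule set and function names are this example's own; the first two sample files are copied from the posts above and the third is constructed for comparison.

```python
"""Flag LDAP client TLS directives that relax server-certificate checking."""

# Sample 1: /etc/openldap/ldap.conf as posted in the question above.
OPENLDAP_CONF = """\
URI ldaps://FQDN:3132/
BASE dc=DOMAIN,dc=com
TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
TLS_CIPHERS SSLv3
"""

# Sample 2: $HOME/ldaprc lines as posted in the answer above.
LDAPRC = """\
TLS_CACERT /home/frank/oid-caroot.pem
TLS_REQCERT allow
TLS_CIPHERS SSLv3
ssl on
tls_checkpeer no
"""

# Sample 3: constructed for this example; same CA file, strict verification.
HARDENED = """\
URI ldaps://FQDN:3132/
BASE dc=DOMAIN,dc=com
TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
TLS_REQCERT demand
"""

# (directive, predicate on the lower-cased value, reason reported).
# Directive names are compared in lower case because OpenLDAP's ldap.conf
# writes them upper-case and nss_ldap/pam_ldap's ldap.conf lower-case.
RULES = [
    ("tls_reqcert", lambda v: v in ("never", "allow"),
     "a bad or missing server certificate is ignored and the session proceeds"),
    ("tls_checkpeer", lambda v: v == "no",
     "nss_ldap/pam_ldap does not require or verify the server certificate"),
    ("tls_ciphers", lambda v: "sslv3" in v.split(":"),
     "cipher list is pinned to the legacy SSLv3 keyword"),
]


def parse_directives(text):
    """Yield (line_no, lower-cased name, value) for each directive line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no settings
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        yield line_no, parts[0].lower(), value


def audit(text):
    """Return a list of (line_no, directive, value, reason) findings."""
    findings = []
    for line_no, name, value in parse_directives(text):
        for directive, is_weak, reason in RULES:
            if name == directive and is_weak(value.lower()):
                findings.append((line_no, name, value, reason))
    return findings


if __name__ == "__main__":
    samples = [("openldap ldap.conf", OPENLDAP_CONF),
               ("ldaprc", LDAPRC),
               ("hardened", HARDENED)]
    for label, text in samples:
        results = audit(text)
        print(f"{label}: {len(results)} finding(s)")
        for line_no, name, value, reason in results:
            print(f"  line {line_no}: {name} {value} -> {reason}")
```

With `TLS_REQCERT allow` the `TLS_CACERT` file is still read, but a certificate that fails validation against it does not stop the connection, which is why the successful ldapsearch in the posts does not show that the CA file is correct.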

  • NmConnect() error when SSL enabled

    Hello,
    I am on WebLogic 10.3.2 and I am trying to create my domain to use SSL.
    I created a domain and Admin server with SSL enabled. Before starting the admin server, I start the nodemanager and then try nmConnect as below, and I see this error. Please help.
    nmConnect('weblogic','weblogic1','localhost','10001','../wldomain','skDomain')
    weblogic.nodemanager.NMException: Configuration error while reading domain directory
    at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:299)
    at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:312)
    at weblogic.nodemanager.client.NMServerClient.connect(NMServerClient.java:248)
    at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:199)
    at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:205)
    at weblogic.nodemanager.client.NMServerClient.getVersion(NMServerClient.java:52)
    at weblogic.management.scripting.NodeManagerService.verifyConnection(NodeManagerService.java:175)
    at weblogic.management.scripting.NodeManagerService.nmConnect(NodeManagerService.java:169)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:

  • Applet with SSL Performance Issue

    Hi All,
    I tried posting this in the general Java forum but I think it's more relevant in the Applet section. I have a program where JavaScript invokes an Applet which uses PrintService to retrieve a list of all the printers on the network and returns that string; the JS then does something with that String. The problem I'm seeing is that when a user tests this functionality without SSL enabled there are no issues. However, with SSL enabled, the first invocation of this functionality is successful but the second invocation always causes the CPU to spike to 50%. Any ideas what's happening here? Why is it spiking on the second call to this applet? Workarounds? Would it be possible to retrieve a list of printers directly with JS?
    Thanks for your feedback.
    Message was edited by:
    javajiggs

    what do you mean the sniffer trace is normal ?
    Do you have the decrypted trace ?
    It's important to know if the server sent an error message, or if the css corrupted the server response.
    This should be seen in the trace.
    Also, is the same client always having issue ?
    Is it the only one ?
    Can this client browse different webpages ?
    Gilles.

  • Upgrade Failed in WAE's from 4.1.5f to ver 4.2.3c with SSL Error.

    Hi all,
    I am in the process of upgrading the OS from 4.1.5f to 4.2.3c. There was no issue upgrading the central manager.
    While upgrading the other WAEs from the CM and also from the CLI, there is an alarm as below.
            Alarm ID                 Module/Submodule               Instance
       1 mstore_key_retrieval      cms                          ssl_mstore_key
       2 mstore_key_failure        sslao                        mstore_key_failure
    Also, the central manager shows the devices as offline.
    Thanks for your help
    Dhana

    Hi Dhana,
    Please apply the following commands from the CLI on the WAEs that are showing this error:
    1. cms disable on WAE. command: CM deregister OR CMS deregister force
    2. delete the device from CM
    4.Apply following commands to WAE:
    WAE-674-1(config)#no accelerator ssl  enable
    Disabled ssl accelerator.
    WAE-674-1(config)#end
    WAE-674-1#crypto pki managed-store initialize
    All certificate/private keys in SSL managed store will be deleted and optimized SSL traffic will be interrupted. Are you sure you want to continue(yes/no)? [no]:yes
    SSL managed store token file not present. Continuing with deletion of certificates in SSL managed store
    Restarting SSL accelerator. Done.
    WAE-674-1#conf t
    WAE-674-1(config)# accelerator ssl  enable
    Enabled ssl accelerator
    WAE-674-1(config)#cms enable
    Hope this helps.
    Regards.
    PS: Please mark this Answered, if it resolves the issue.
