Epm Inplace upgradation with SSL enabled
Hello Experts,
We plan an in-place upgrade of Hyperion product 933 to EPM 122 with SSL enabled.
My questions regarding this are:
1) Is it possible to do an in-place upgrade from 933 to 122 with SSL enabled?
2) What will be the risks for this plan?
3) And suggest pros and cons for this.
Please reply my questions soon.. and suggest me what will be better,Suggest ideas for this.
Thanks in advance,
980137 wrote:
Please reply my questions soon.. and suggest me what will be better,Suggest ideas for this.
I think you should discuss your upgrade options with a consultant instead of trying to get answers to those sort of questions on a forum.
Cheers
John
http://john-goodwin.blogspot.com/
Similar Messages
-
Starting Server with SSL Enabled
I want to start iplanet directory server 5.1 with SSL Enabled, but It always ask me PIN Token.
I write slapd-test-pin.txt file as following :
slapd-test-pin.txt
-------begin-----------
Token:test123456
-------end ------------
I put the slapd-test-pin.txt into /usr/iplanet/server/alias
then, I restart directory server from command line.
/usr/iplanet/servers/slapd-test/stop-slapd
/usr/iplanet/servers/slapd-test/start-slapd
What's wrong ?
Thank you !!!!
I have a similar problem. I actually do set the correct format of the certificate db password file, but the server still does not start and reports the following:
[26/Sep/2003:17:21:11 -0400] - Sun-ONE-Directory/5.2 B2003.143.0014 (32-bit) starting up
[26/Sep/2003:17:21:11 -0400] - ERROR<12362> - Connection - conn=-1 op=-1 msgId=-1 - PR_Bind() on address <all interfaces> port <636> failed : error -5966 (Access Denied.).
I installed the certificate correctly. It was obtained from VeriSign with a ds 5.2 generated request.
Any ideas?
Thanks in advance! -
WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS
Hi,
I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http.
When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl.
What change should I make so that WSDL url will have https instead of http ?
This is service side configuration.
<system.serviceModel>
<services>
<service name="Service.IService">
<endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
</service>
</services>
<bindings>
<basicHttpBinding />
</bindings>
<client />
<behaviors>
<serviceBehaviors>
<behavior>
<serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks in advance !!
Hi,
For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using "httpsGetEnabled":
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceTypeBehaviors">
<serviceMetadata httpsGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
For more information, you could refer to:
http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
Regards -
How do i restart slapd with SSL enabled?
I am running 5.2 with patch 3 for Solaris 8. I want to restart slapd using the restart-slapd command. However, the problem is that, with SSL enabled, I need to manually intervene and enter the token password. Is there any way to get around this?
This wouldn't be an issue if I didn't have to automate the slapd restarts.
Thanks.
-Sowser
If you haven't already, create a file as <serverRoot>/alias/slapd-<instance>-pin.txt and add the following to it
Internal (Software) Token:yourcertdbpasswd
Once done you will be able to avoid any manual intervention. This procedure is documented in the Admin guide -
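A check for the pin file discussed in the two directory-server threads above, as an added example that is not part of the original posts. The function name `check_pin_file` is hypothetical; the file name and first-line format are the ones the reply gives, the sample content is the `Token:test123456` line from the earlier question, and the permission test is an added hardening assumption, since the file holds the certificate database password in clear text.

```shell
#!/bin/sh
# check_pin_file FILE INSTANCE
# Prints one finding per line and returns 0 when the file looks usable,
# 1 otherwise. Hypothetical helper, not part of the directory server.
check_pin_file() {
    file=$1
    instance=$2
    rc=0

    # The reply names the file slapd-<instance>-pin.txt in <serverRoot>/alias.
    expected="slapd-$instance-pin.txt"
    if [ "$(basename "$file")" != "$expected" ]; then
        echo "name: expected $expected"
        rc=1
    fi

    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi

    # Format from the reply: "Internal (Software) Token:<password>".
    first=$(head -n 1 "$file")
    case $first in
        "Internal (Software) Token:"?*) ;;
        *)
            echo "format: first line must be 'Internal (Software) Token:<password>'"
            rc=1
            ;;
    esac

    # Assumption (hardening, not from the thread): the clear-text password
    # should not be accessible to group or other. Characters 5-10 of the
    # ls mode string are the group and other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "perms: group/other bits set ($perms); chmod 400 $file"
        rc=1
    fi

    return $rc
}

# Demo on the content posted in the earlier question (path is a temp dir).
demo_dir=$(mktemp -d)
printf 'Token:test123456\n' > "$demo_dir/slapd-test-pin.txt"
check_pin_file "$demo_dir/slapd-test-pin.txt" test
rm -rf "$demo_dir"
```
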
HFM and Workspace upgrade with SSL from 931 to 933
Hi,
We have upgraded our HFM and workspace components from 931 to 933.
Webserver:Apache and AppServer : Weblogic 9.1
We already had SSL enabled with 931, but some other vendor has done it. Now after the upgrade to 933 we cannot directly use https. Can anybody please let me know how to reconfigure SSL after performing the upgrade?
We have hyp_ssl_pdf but that doesn't give a proper clue what steps to follow.
Would be great if somebody can throw light upon the procedure and steps to be followed.
Thanks.
Hi 3017122,
The certificate specified by the "TrustedCAFile" parameter does not contain a valid certificate chain.
Solution:
1. Connect to https://<YourServer>/HyperionFinancialManagement - the secure sign (padlock) should appear on the browser showing that the connection was secure (bottom right for Internet Explorer 6.0).
2. Double click the secure sign and go to the "Certificates Path" tab
3. Make note of the chains
4. Create a new TrustedCAFile with all those chains
see http://e-docs.bea.com/wls/docs92/pdf/secmanage.pdf on page 128 and following
5. Validate it with WebLogic's "java utils.ValidateCertChain" utility
see http://e-docs.bea.com/wls/docs92/pdf/secmanage.pdf on page 149
6. Modify the HYSL-Weblogic.conf parameter TrustedCAFile to point to the new certificate
7. Restart Apache, Planning and Workspace services
Drop me an email and I'll send you doc...
Good Luck,
-David -
Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled
Hi
We are performing LDAPSync for OIM AD real time sync.We have done all configuration as per oracle documentation on LDAPSync for OIM 11gR2 : http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version OIM 11gR2 PS1 (11.1.2.1.0).
We have performed LDAPSync enablement post-installation of OIM. So we don't have OVD; we have configured libOVD as mentioned in this doc.
We have performed following steps mentioned in this document in our OIM environment.
3.1 Enabling Post installation LDAP Synchronization
3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
As attributes like password might not be getting updated in AD from OIM, we have configured SSL-enabled integration in LDAP sync as mentioned in the above document.
We implemented this step 3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
but it is not properly mentioned there how to import the public key certificate of AD into the OIM environment for SSL.
We are getting the following error message in the logs. Looking at the logs, it looks like the import of the AD SSL certificate did not happen properly in the OIM environment. But we have imported it using keytool and the OVD keystore... please let us know if we are missing any configuration in this process. The above Oracle document is not very clear on this.
<Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
<Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
<Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2] Unable to create connection to ldap://[10.88.164.231]:636 as null.
javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
...more
Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
...more
Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
at sun.security.validator.Validator.getInstance(Validator.java:161)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
Let us know for any helpful pointers on this
Thanks in advance,
RPB25
Use the steps given below to import the public key certificate of AD into the OIM environment for SSL:
1. Obtain the AD Certificates from the AD Administrator.
2. Copy the AD Certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
3. Run the following command to import all the certificates
/jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystore cacerts -storepass changeit
4. The CA certificates are now present in the trust store. -
Inplace upgrade with WFA 3.1RC1
Hi WFA Team,
Does WFA 3.1 RC1 support inplace upgrade from WFA 2.2 or later?
Reading the release notes and ISG doesn't seem to confirm the same.
Regards
Adai
JoelEdstrom, This happens when your backup file is taken from one WFA machine and you are restoring it on a different WFA box, i.e. another machine. Every WFA installation has a unique key for that particular OS box, and the saved credentials are encrypted/decrypted using that particular key. So the new WFA installation on a different machine will have a different key, and hence after the restore of the backup file, which is nothing but a mysql dump, the saved credentials present in the WFA DB can't be decrypted using this key. That's why you need to put them back again, i.e. save them again with the new key on this box. So after restoring, you need to import the key as well and you'll save yourself from this trouble. Look for how to do it in the WFA Installation and Setup Guide.
sinhaa
-
Urgent JMS issue with SSL-enabled cluster
Hello, dear All!
We have deployed a SAP WebAS SP13 SSL-enabled cluster (2 servers) and face the following strange behaviour:
When both servers are running our queue-based message driven beans (MDB EJBs) never get any messages.
However, JMS topic subscriber threads (not implemented as MDBs) work fine on both servers and receive JMS broadcasts. As well web-initiated JMS queue browsing works fine.
Then if only one (central) server is up, queue-based MDBs work fine and start receiving messages...
If you know or guess what might be an issue it would be greatly appreciated!
Thank you and best regards,
-Yuri
Hi!
Yes, I solved this problem. You have to set your certificate to the LDAP server and get SSL enabled. You should also add same certificate to your jdk's cacerts file. That should help. :)
Janne -
Steps to configure Weblogic 10.3 with SSL enabled Sybase 12.5
In WLS 10.3, there is a new feature for supporting the SSL encryption on Sybase 12.5.4.
I want to connect from Weblogic 10.3 to the SSL enabled Sybase 12.5.4.
Can any one please provide the step by step instructions for how to configure on the Weblogic 10.3? Do I need to create any custom class for this?
Thanks
Here is an example of connecting using the Sybase driver.
// Load and register the jConnect driver, then open the connection.
SybDriver sybDriver = (SybDriver) Class.forName("com.sybase.jdbc3.jdbc.SybDriver").newInstance();
sybDriver.setVersion(com.sybase.jdbcx.SybDriver.VERSION_6);
DriverManager.registerDriver(sybDriver);
// <host>, <dbname>, <user> and <passwd> are placeholders to fill in.
Connection conn = DriverManager.getConnection("jdbc:sybase:Tds:<host>:5000?ServiceName=<dbname>", "<user>", "<passwd>");
Not sure that the setVersion() call is absolutely necessary. -
Problem connecting to LDAP with SSL enabled
Hi,
I'm trying to connect to Active Directory with JNDI, but I got a few problems.
I use Win2003 server, I tried the code from adler_steven (very good and works well), but I got a problem when I want to connect over TLS.
Apparently, I have to install the SSL/TLS on the machine. I tried to follow the howto http://support.microsoft.com/default.aspx?scid=kb;en-us;321051, but I got an error when I create a new certificate:
Expected INF file section name 0xe0000000 (INF:-536870912) request.inf.
I tried different things but without results.
I'm not able to install it, so when I run the code I get the errors:
IO Exception, Problem creating object: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
It's the first time that I use the JNDI API and LDAP (Active Directory), sorry for any incomprehension, but I really need to finish the program.
Thanks in advance
cyroul -
Hi,
Could any one help me here..
Cluster setup for OSB with SSL enable
1) Admin and 2 Managed server are running on same host
2) cluster domain created in development mode
2) While starting second managed server getting below error..
<Oct 4, 2010 8:04:58 AM PDT> <Error> <ClusterTimer> <BEA-000000> <Cannot contact Admin server. Therefore constructing the Cluster Authority Current time with the time skew 0
java.rmi.RemoteException: ClusterTimerAuthority error; nested exception is:
javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://hostname:SSLport: Destination unreachable; nested exception is:
java.io.IOException: Stream closed.; No available router to destination]
at com.bea.wli.sb.init.RemoteClusterTimerAuthority.getClusterTimerAuthorityCurrentTime(RemoteClusterTimerAuthority.java:38)
at com.bea.wli.timer.ClusterTimerService.clusterTimeAuthorityCurrentTimeMillis(ClusterTimerService.java:177)
at com.bea.wli.timer.ClusterTimerService.initialize(ClusterTimerService.java:88)
at com.bea.wli.sb.init.FrameworkStarter._preStart(FrameworkStarter.java:221)
at com.bea.wli.sb.init.FrameworkStarter.access$000(FrameworkStarter.java:79)
Truncated. see log file for complete stacktrace
Thanks,
Sushma.
Even I faced the same issue, but eventually the problem got resolved with the below resolution:
Resolution: The managed server was not able to connect to t3s://hostname:sslport. The SSL configuration on the Admin server was wrong. After correcting the SSL setting on the Admin server, I was able to resolve this error. -
OEL ldap client setup with SSL against OID using either ldaps or starttls
Hi, I've got OID 11.1.1.1.0 running with SSL enabled on port 3132. It's running in mode 2, SSL Server Authentication mode (orclsslauthentication is set to 32). I'd like to setup my OEL 5.3 and Solaris 10 ldap clients to connect to OID using SSL for user authentication. I have everything already working on the non-SSL port (3060), but I need to switch over to SSL. So far I can't get it to work on either OEL or Solaris. Does anyone out there know how to configure the client to use SSL?
Here's my /etc/ldap.conf file on OEL 5.3.
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
URI ldaps://FQDN:3132/
port 3132
ssl yes
host FQDN
base dc=DOMAIN,dc=com
pam_password clear
tls_cacertdir /etc/oracle-certs
tls_cacertfile /etc/oracle-certs/oid-test-ca.pem
tls_ciphers SSLv3
# filter to AND with uid=%s
pam_filter objectclass=posixaccount
#The search scope
scope sub
I have /etc/nsswitch.conf set to check for files first, then ldap
passwd: files ldap
shadow: files ldap
group: files ldap
Here's my /etc/openldap/ldap.conf file
URI ldaps://FQDN:3132/
BASE dc=DOMAIN,dc=com
TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
TLS_CIPHERS SSLv3
The oid-test-ca.pem is a self-signed cert from the OID server. I also have the hash file configured.
4224de9f.0 -> oid-test-ca.pem
I can run ldapsearch using ldaps and it works fine.
ldapsearch -v -d 1 -x -H ldaps://FQDN:3132 -b "dc=DOMAIN,dc=com" -D "cn=user,cn=users,dc=DOMAIN,dc=com" -w somepass -s sub objectclass=* | more
But when I run the 'getent passwd' command, it only shows me my local user accounts and none of my ldap accounts. I also can't SSH in using a ldap account.
Solaris 10 is actually a whole other beast...I'm using the native Solaris ldap client (not PADL based) and I don't think it even works with SSL unless you're using the default ports (389/636).
Does anyone out there know how to setup the client-side for ldap authentication using SSL? Any tips, howto docs, or advice are appreciated. Thanks!
Hello again...
after some research and work together with Oracle Support I found out how to get it to work:
1. You have to create your own ConfigSet in OID using
SSL-Server-Authentication
(OpenSSL seems not to support SSL-encryption-only).
The following link shows on how to do that:
http://otn.oracle.com/products/oid/oidhtml/oidqs/html_masters/a_port01.htm
2. Add the following lines to your $HOME/ldaprc
TLS_CACERT /home/frank/oid-caroot.pem
TLS_REQCERT allow
TLS_CIPHERS SSLv3
ssl on
tls_checkpeer no
oid-caroot.pem is the CA-Root Certificate you got
during step 1
3. you should now be able to use ldapsearch using SSL
If you still can't connect using SSL you may have run into another issue with OpenSSL which affects systems using OpenSSL version 0.9.6d and above. The problem seems to be caused by a security fix which may not be compliant with the SSL implementation of Oracle.
I opened a bug for that problem with RedHat. This bug description also includes a proposal for a patch which solves the problem (but may introduce some security risks). See the bug at RedHat:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123849
Bye
Frank Berger -
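The client files quoted in the thread above set `TLS_REQCERT allow` and `tls_checkpeer no`, which let the connection continue when the server certificate does not validate, so the ldaps session is encrypted but the server is not authenticated. The following lint for those settings is an added example, not part of the original posts; the function names are hypothetical and the sample files are constructed from the ldaprc lines in the reply, the second one with only the two verification lines changed.

```shell
#!/bin/sh
# lint_ldap_tls FILE
# Flags settings in an OpenLDAP ldap.conf/ldaprc or nss_ldap ldap.conf that
# switch off server-certificate verification. Prints "<line>: <finding>"
# and returns 1 when anything is flagged, 0 when the file is clean.
lint_ldap_tls() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            key = tolower($1); val = tolower($2)
            # OpenLDAP: "never" does not check the certificate at all,
            # "allow" ignores a certificate that fails validation.
            if (key == "tls_reqcert" && (val == "never" || val == "allow")) {
                printf "%d: TLS_REQCERT %s: an invalid server certificate is accepted\n", NR, val
                bad++
            }
            # nss_ldap / pam_ldap: peer verification explicitly disabled.
            if (key == "tls_checkpeer" && val == "no") {
                printf "%d: tls_checkpeer no: server certificate is not verified\n", NR
                bad++
            }
            if (key == "tls_cacert" || key == "tls_cacertfile" || key == "tls_cacertdir")
                ca = 1
        }
        END {
            if (!ca) { print "0: no CA certificate file or directory configured"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: the ldaprc lines from the reply above.
write_weak_sample() {
    cat > "$1" <<'EOF'
TLS_CACERT /home/frank/oid-caroot.pem
TLS_REQCERT allow
TLS_CIPHERS SSLv3
ssl on
tls_checkpeer no
EOF
}

# Constructed sample: same file with verification enforced on lines 2 and 5.
write_strict_sample() {
    cat > "$1" <<'EOF'
TLS_CACERT /home/frank/oid-caroot.pem
TLS_REQCERT demand
TLS_CIPHERS SSLv3
ssl on
tls_checkpeer yes
EOF
}

tmp=$(mktemp -d)
write_weak_sample "$tmp/ldaprc.weak"
write_strict_sample "$tmp/ldaprc.strict"
lint_ldap_tls "$tmp/ldaprc.weak" || echo "weak sample: findings listed above"
lint_ldap_tls "$tmp/ldaprc.strict" && echo "strict sample: clean"
rm -rf "$tmp"
```

With verification enforced, the CA file named by `TLS_CACERT` has to contain the issuer of the OID server certificate, otherwise the bind fails instead of silently proceeding.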
NmConnect() error when SSL enabled
Hello,
I am on WebLogic 10.3.2 and I am trying to create my domain to use SSL.
I created a domain and Admin server with SSL enabled. Before starting the admin server, I start the nodemanager and then try the nmConnect as below, and I see this error. Please help.
nmConnect('weblogic','weblogic1','localhost','10001','../wldomain','skDomain')
weblogic.nodemanager.NMException: Configuration error while reading domain directory
at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:299)
at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:312)
at weblogic.nodemanager.client.NMServerClient.connect(NMServerClient.java:248)
at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:199)
at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:205)
at weblogic.nodemanager.client.NMServerClient.getVersion(NMServerClient.java:52)
at weblogic.management.scripting.NodeManagerService.verifyConnection(NodeManagerService.java:175)
at weblogic.management.scripting.NodeManagerService.nmConnect(NodeManagerService.java:169)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: -
Applet with SSL Performance Issue
Hi All,
I tried posting this in the general java forum but I think it's more relevant in the Applet section. I have a program where JavaScript invokes an Applet which uses PrintService to retrieve a list of all the printers on the network and returns that string, the JS then does something with that String. The problem I'm seeing is that when a user tests this functionality without SSL enabled there are no issues. However, with SSL enabled, the first invocation of this functionality is successful but the second invocation always causes the CPU to spike to 50%. Any ideas what's happening here? Why is it spiking on the second call to this applet? Workarounds? Would it be possible to retrieve a list of printers directly with JS?
Thanks for your feedback.
Message was edited by:
javajiggs
What do you mean the sniffer trace is normal?
Do you have the decrypted trace ?
It's important to know if the server sent an error message, or if the css corrupted the server response.
This should be seen in the trace.
Also, is the same client always having issue ?
Is it the only one ?
Can this client browse different webpages ?
Gilles. -
Upgrade Failed in WAE's from 4.1.5f to ver 4.2.3c with SSL Error.
Hi all,
I am in the process of upgrading the OS from 4.1.5f to 4.2.3c. There was no issue upgrading the central manager.
While upgrading the other WAEs from the CM and also from the CLI there is an alarm as below.
Alarm ID Module/Submodule Instance
1 mstore_key_retrieval cms ssl_mstore_key
2 mstore_key_failure sslao mstore_key_failure
Also the central manager shows that devices offline.
Thanks for your help
Dhana
Hi Dhana,
Please apply the following commands from the CLI on the WAEs that are showing this error:
1. cms disable on WAE. command: CM deregister OR CMS deregister force
2. delete the device from CM
4. Apply following commands to WAE:
WAE-674-1(config)#no accelerator ssl enable
Disabled ssl accelerator.
WAE-674-1(config)#end
WAE-674-1#crypto pki managed-store initialize
All certificate/private keys in SSL managed store will be deleted and optimized SSL traffic will be interrupted. Are you sure you want to continue(yes/no)? [no]:yes
SSL managed store token file not present. Continuing with deletion of certificates in SSL managed store
Restarting SSL accelerator. Done.
WAE-674-1#conf t
WAE-674-1(config)# accelerator ssl enable
Enabled ssl accelerator
WAE-674-1(config)#cms enable
Hope this helps.
Regards.
PS: Please mark this Answered, if it resolves the issue.