Error 90548: Disabling SSL constraint checking
I'm trying to setup some LDAPAuthenticators (WLS 10.1) to connect securely with SSL. All the servers have valid keystores they use already, so I just switched to port 636, checked the SSLEnabled box, and setup a user and credential to connect as. But when the Admin server starts, it gives the error:
<090548> The certificate chain received from peer contained a V3 CA certificate which was missing the basic constraints extension.
Looking at the error codes, it says a work around is "...disable the basic constraints checking to allow the certificate chain to be accepted..." but I cannot find this anywhere in the admin console. Does anyone know what property this is talking about?
Mike
Update
Found out it's a command line switch: -Dweblogic.security.SSL.enforceConstraints=off
http://edocs.bea.com/wls/docs100/secmanage/ssl.html#wp1194486
Edited by: prattm on Feb 4, 2009 7:51 PM
Any one has any idea??/
Similar Messages
-
I'm getting "Init: SSL call to NZ function nzos_OpenWallet failed with error 29248" error in log file HTTP_Server~1 while starting OHS (using opmnctl startall).
I created a Wallet with auto login option checked. I was able to create certificate Request and got a certificate from verisign (14 days Validity). I imported Root certificate and intermediate certificate from verisign into the wallet and then successfully imported the trial certificate. After saving the wallet in default location I got 2 files (cwallet.sso and ewallet.p12) there.
Configuration in opmn.xml is :
<ias-component id="HTTP_Server">
<process-type id="HTTP_Server" module-id="OHS">
<environment>
<variable id="PERL5LIB" value="D:\product\10.1.3\OracleAS_1\Apache\Apache\mod_perl\site\5.8.3\lib\MSWin32-x86-multi-thread;$ORACLE_HOME\perl\5.8.3\lib;$ORACLE_HOME\perl\site\5.8.3\lib"/>
<variable id="PHPRC" value="D:\product\10.1.3\OracleAS_1\Apache\Apache\conf"/>
<variable id="PATH"
value="$ORACLE_HOME\Perl\5.8.3\bin\MSWin32-x86-multi-thread" append="true"/>
</environment>
<module-data>
<category id="start-parameters">
<data id="start-mode" value="ssl-enabled"/>
</category>
</module-data>
<process-set id="HTTP_Server" numprocs="1"/>
</process-type>
</ias-component>
my httpd.conf file is as follows:
## httpd.conf -- Apache HTTP server configuration file
# Based upon the NCSA server configuration files originally by Rob McCool.
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://www.apache.org/docs/> for detailed information about
# the directives.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# After this file is processed, the server will look for and process
# D:\product\10.1.3\OracleAS_1\Apache\Apache/conf/srm.conf and then D:\product\10.1.3\OracleAS_1\Apache\Apache/conf/access.conf
# unless you have overridden these with ResourceConfig and/or
# AccessConfig directives here.
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do not begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "D:\product\10.1.3\OracleAS_1\Apache\Apache" will be interpreted by the
# server as "D:\product\10.1.3\OracleAS_1\Apache\Apache/logs/foo.log".
# NOTE: Where filenames are specified, you must use forward slashes
# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
# If a drive letter is omitted, the drive on which Apache.exe is located
# will be used by default. It is recommended that you always supply
# an explicit drive letter in absolute paths, however, to avoid
# confusion.
### Section 1: Global Environment
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
# ServerType is either inetd, or standalone. Inetd mode is only supported on
# Unix platforms.
ServerType standalone
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do NOT add a slash at the end of the directory path.
ServerRoot "D:\product\10.1.3\OracleAS_1\Apache\Apache"
# PidFile: The file in which the server should record its process
# identification number when it starts.
PidFile logs/httpd.pid
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file will be created when you run Apache) then you must ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile logs/httpd.scoreboard
# In the standard configuration, the server will process httpd.conf (this
# file, specified by the -f command line option), srm.conf, and access.conf
# in that order. The latter two files are now distributed empty, as it is
# recommended that all directives be kept in a single file for simplicity.
# The commented-out values below are the built-in defaults. You can have the
# server ignore these files altogether by using "/dev/null" (for Unix) or
# "nul" (for Win32) for the arguments to the directives.
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
# Timeout: The number of seconds before receives and sends time out.
Timeout 300
# SendBufferSize: controls setsockopt() call made to set send buffer size on
# all sockets. Default OS value on most Windows platforms is too small.
# Larger values can help if the average page size served by OHS is
# large (~64 k)
SendBufferSize 16384
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
KeepAliveTimeout 15
# Apache on Win32 always creates one child process to handle requests. If it
# dies, another child process is created automatically. Within the child
# process multiple threads handle incoming requests. The next two
# directives control the behaviour of the threads and processes.
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies. The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For Win32, set this value to zero (unlimited)
# unless advised otherwise.
# NOTE: This value does not include keepalive requests after the initial
# request per connection. For example, if a child process handles
# an initial request and 10 subsequent "keptalive" requests, it
# would only count as 1 request towards this limit.
MaxRequestsPerChild 0
# Number of concurrent threads (i.e., requests) the server will allow.
# Set this value according to the responsiveness of the server (more
# requests active at once means they're all handled more slowly) and
# the amount of system resources you'll allow the server to consume.
ThreadsPerChild 50
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. The default values are probably OK for most sites.
#MinSpareServers 5
#MaxSpareServers 20
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#MaxClients 150
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#Listen 3000
#Listen 12.34.56.78:80
# BindAddress: You can support virtual hosts with this option. This directive
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the <VirtualHost> and Listen directives.
#BindAddress *
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available before they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `apache -l' for the list of already
# built-in (statically linked and thus always available) modules in your Apache
# binary.
# Note: The order in which modules are loaded is important. Don't change
# the order below without expert advice.
# Example:
# LoadModule foo_module libexec/mod_foo.dll
LoadModule mime_magic_module modules/ApacheModuleMimeMagic.dll
LoadModule mime_module modules/ApacheModuleMime.dll
LoadModule dbm_auth_module modules/ApacheModuleAuthDBM.dll
LoadModule digest_auth_module modules/ApacheModuleAuthDigest.dll
LoadModule anon_auth_module modules/ApacheModuleAuthAnon.dll
LoadModule cern_meta_module modules/ApacheModuleCERNMeta.dll
LoadModule digest_module modules/ApacheModuleDigest.dll
LoadModule expires_module modules/ApacheModuleExpires.dll
LoadModule headers_module modules/ApacheModuleHeaders.dll
LoadModule proxy_module modules/ApacheModuleProxy.dll
LoadModule speling_module modules/ApacheModuleSpeling.dll
LoadModule status_module modules/ApacheModuleStatus.dll
LoadModule info_module modules/ApacheModuleInfo.dll
LoadModule usertrack_module modules/ApacheModuleUserTrack.dll
LoadModule vhost_alias_module modules/ApacheModuleVhostAlias.dll
LoadModule agent_log_module modules/ApacheModuleLogAgent.dll
LoadModule referer_log_module modules/ApacheModuleLogReferer.dll
LoadModule perl_module modules/ApacheModulePerl.DLL
LoadModule fastcgi_module modules/ApacheModuleFastCGI.dll
LoadModule php4_module modules/ApacheModulePHP4.dll
LoadModule onsint_module modules/ApacheModuleOnsint.dll
LoadModule wchandshake_module modules/ApacheModuleWchandshake.dll
ClearModuleList
AddModule mod_so.c
AddModule mod_onsint.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_negotiation.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
#AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_setenvif.c
AddModule mod_isapi.c
AddModule mod_vhost_alias.c
AddModule mod_log_referer.c
AddModule mod_log_agent.c
AddModule mod_auth_anon.c
AddModule mod_auth_dbm.c
AddModule mod_auth_digest.c
AddModule mod_cern_meta.c
AddModule mod_digest.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_proxy.c
AddModule mod_speling.c
AddModule mod_info.c
AddModule mod_status.c
AddModule mod_usertrack.c
AddModule mod_perl.c
AddModule mod_fastcgi.c
AddModule mod_php4.c
AddModule mod_wchandshake.c
<IfDefine SSL>
LoadModule ossl_module modules/ApacheModuleOSSL.DLL
</IfDefine>
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
ExtendedStatus On
### Section 2: 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# Port: The port to which the standalone server listens. Certain firewall
# products must be configured before Apache can listen to a specific port.
# Other running httpd servers will also interfere with this port. Disable
# all firewall, security, and other services if you encounter problems.
# To help diagnose problems use the Windows NT command NETSTAT -a
Port 7777
Listen 7777
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents.
ServerAdmin [email protected]
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e., use
# "www" instead of the host's real name).
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address (e.g., http://123.45.67.89/)
# anyway, and this will make redirections work in a sensible way.
# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
# machine always knows itself by this address. If you use Apache strictly for
# local testing and development, you may use 127.0.0.1 as the server name.
ServerName IFLMUD5DLHY4G.i-flex.com
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "D:\product\10.1.3\OracleAS_1\Apache\Apache\htdocs"
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# permissions.
<Directory />
Options FollowSymLinks MultiViews
AllowOverride None
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
<Directory "D:\product\10.1.3\OracleAS_1\Apache\Apache\htdocs">
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
# Note that "MultiViews" must be named explicitly --- "Options All"
# doesn't give it to you.
Options FollowSymLinks MultiViews
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
# Under Win32, we do not currently try to determine the home directory of
# a Windows login, so a format such as that below needs to be used. See
# the UserDir documentation for details.
<IfModule mod_userdir.c>
UserDir "D:\product\10.1.3\OracleAS_1\Apache\Apache\users\"
</IfModule>
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS PROPFIND>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
<IfModule mod_dir.c>
DirectoryIndex index.html
</IfModule>
# AccessFileName: The name of the file to look for in each directory
# for access control information.
AccessFileName .htaccess
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#CacheNegotiatedDocs
# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a URL that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostname:port that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
UseCanonicalName On
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
<IfModule mod_mime.c>
TypesConfig conf/mime.types
</IfModule>
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
DefaultType text/plain
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
# mod_mime_magic is not part of the default server (you have to add
# it yourself with a LoadModule [see the DSO paragraph in the 'Global
# Environment' section], or recompile the server and include mod_mime_magic
# as part of the configuration), so it's enclosed in an <IfModule> container.
# This means that the MIMEMagicFile directive will only be processed if the
# module is part of the server.
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you do define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/error_log 43200"
# LogLevel: Control the number of messages logged to the error.log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# Alternate "common" format to use when fronted by webcache:
# LogFormat "%{ClientIP}i %l %u %t \"%r\" %>s %b %h" common_webcache
# When webcache is forwarding requests to OHS, %h becomes the IP of
# the originating webcache server and the real client IP is stored
# in the ClientIP header. The common_webcache format can be used
# in place of the common format when using webcache but with one
# important caveat: if clients are capable of bypassing webcache
# then it is possible to spoof the client IP by manually setting
# the ClientIP header so the %h field should be monitored in such
# an environment. Another alternative to specifying the ClientIP
# header directly in a LogFormat is to use the "UseWebCacheIp"
# directive:
# UseWebCacheIp On
# When this is specified, %h is derived internally from the ClientIP
# header and the access log format does not need to be modified.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you do
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and not in this file.
CustomLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/access_log 43200" common
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#CustomLog logs/referer.log referer
#CustomLog logs/agent.log agent
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog logs/access.log combined
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
ServerSignature On
# Apache parses all CGI scripts for the shebang line by default.
# This comment line, the first line of the script, consists of the symbols
# pound (#) and exclamation (!) followed by the path of the program that
# can execute this specific script. For a perl script, with perl.exe in
# the C:\Program Files\Perl directory, the shebang line should be:
#!c:/program files/perl/perl
# Note you mustnot_ indent the actual shebang line, and it must be the
# first line of the file. Of course, CGI processing must be enabled by
# the appropriate ScriptAlias or Options ExecCGI directives for the files
# or directory in question.
# However, Apache on Windows allows either the Unix behavior above, or can
# use the Registry to match files by extention. The command to execute
# a file of this type is retrieved from the registry by the same method as
# the Windows Explorer would use to handle double-clicking on a file.
# These script actions can be configured from the Windows Explorer View menu,
# 'Folder Options', and reviewing the 'File Types' tab. Clicking the Edit
# button allows you to modify the Actions, of which Apache 1.3 attempts to
# perform the 'Open' Action, and failing that it will try the shebang line.
# This behavior is subject to change in Apache release 2.0.
# Each mechanism has it's own specific security weaknesses, from the means
# to run a program you didn't intend the website owner to invoke, and the
# best method is a matter of great debate.
# To enable the this Windows specific behavior (and therefore -disable- the
# equivilant Unix behavior), uncomment the following directive:
#ScriptInterpreterSource registry
# The directive above can be placed in individual <Directory> blocks or the
# .htaccess file, with either the 'registry' (Windows behavior) or 'script'
# (Unix behavior) option, and will override this server default option.
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
<IfModule mod_alias.c>
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/"..
Alias /icons/ "D:\product\10.1.3\OracleAS_1\Apache\Apache\icons/"
Alias /javacachedocs/ "D:\product\10.1.3\OracleAS_1\javacache\javadoc/"
<IfModule mod_perl.c>
Alias /perl/ "D:\product\10.1.3\OracleAS_1\Apache\Apache/cgi-bin/"
</IfModule>
<Directory "icons">
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
ScriptAlias /cgi-bin/ "D:\product\10.1.3\OracleAS_1\Apache\Apache\cgi-bin/"
# "D:\product\10.1.3\OracleAS_1\Apache\Apache/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "D:\product\10.1.3\OracleAS_1\Apache\Apache\cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</IfModule>
# End of aliases.
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Format: Redirect old-URI new-URL
# Directives controlling the display of server-generated directory listings.
<IfModule mod_autoindex.c>
# FancyIndexing is whether you want fancy directory indexing or standard
# Note, add the option TrackModified to the IndexOptions default list only
# if all indexed directories reside on NTFS volumes. The TrackModified flag
# will report the Last-Modified date to assist caches and proxies to properly
# track directory changes, but it does not work on FAT volumes.
IndexOptions FancyIndexing
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
DefaultIcon /icons/unknown.gif
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
# HeaderName is the name of a file which should be prepended to
# directory indexes.
# If MultiViews are amongst the Options in effect, the server will
# first look for name.html and include it if found. If name.html
# doesn't exist, the server will then look for name.txt and include
# it as plaintext if found.
ReadmeName README
HeaderName HEADER
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
</IfModule>
# End of indexing directives.
# Document types.
<IfModule mod_mime.c>
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand.
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
# Note 2: The example entries below illustrate that in quite
# some cases the two character 'Language' abbriviation is not
# identical to the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. But there is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
# Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
# French (fr) - German (de) - Greek-Modern (el)
# Italian (it) - Korean (kr) - Norwegian (no)
# Portugese (pt) - Luxembourgeois* (ltz)
# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
# Russian (ru)
AddLanguage ar .ar
AddLanguage da .dk .da
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fi .fi
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage es .es_ES .es
AddLanguage he .he .iw
AddLanguage hu .hu
AddCharset ISO-8859-8 .iso8859-8
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage ko .ko
AddLanguage kr .kr
AddCharset ISO-2022-KR .iso-kr
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt_BR .pt-br
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage sk .sk
AddLanguage sv .sv
AddLanguage th .th
AddLanguage tr .tr
AddLanguage cz .cz .cs
AddLanguage ro .ro
AddLanguage ru .ru
AddLanguage zh-cn .zh_CN
AddLanguage zh-tw .zh_TW
AddCharset Big5 .Big5 .big5
AddCharset WINDOWS-1251 .cp-1251
AddCharset CP866 .cp866
AddCharset ISO-8859-5 .iso-ru
AddCharset KOI8-R .koi8-r
AddCharset UCS-2 .ucs2
AddCharset UCS-4 .ucs4
AddCharset UTF-8 .utf8
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
<IfModule mod_negotiation.c>
LanguagePriority ar en da nl et fi fr de el it ja ko kr no pl pt pt-br ro ru ltz ca es sk sv th tr zh-cn zh-tw zh-cn
</IfModule>
# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
# For example, the PHP 3.x module (not part of the Apache distribution - see
# http://www.php.net) will typically use:
#AddType application/x-httpd-php3 .php3
#AddType application/x-httpd-php3-source .phps
# And for PHP 4.x, use:
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
AddType application/x-tar .tgz
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.
# To use CGI scripts:
#AddHandler cgi-script .cgi
# To use server-parsed HTML files
#AddType text/html .shtml
#AddHandler server-parsed .shtml
# Uncomment the following line to enable Apache's send-asis HTTP file
# feature
#AddHandler send-as-is asis
# If you wish to use server-parsed imagemap files, use
#AddHandler imap-file map
# To enable type maps, you might want to use
#AddHandler type-map var
</IfModule>
# End of document types.
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document
#MetaDir .web
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.
#MetaSuffix .meta
# Customizable error response (Apache style)
# these come in three flavors
# 1) plain text
#ErrorDocument 500 "The server made a boo boo.
# n.b. the single leading (") marks it as text, it does not get output
# 2) local redirects
#ErrorDocument 404 /missing.html
# to redirect to local URL /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# N.B.: You can redirect to a script or a document using server-side-includes.
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
# N.B.: Many of the environment variables associated with the original
# request will not be available to such a script.
# Customize behaviour based on the browser
<IfModule mod_setenvif.c>
# The following directives modify normal HTTP response behavior.
# The first directive disables keepalive for Netscape 2.x and browsers that
# spoof it. There are known problems with these browser implementations.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
# End of browser customization directives
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost IFLMUD5DLHY4G.i-flex.com IFLMUD5DLHY4G
</Location>
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
# There have been reports of people trying to abuse an old bug from pre-1.1
# days. This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org. Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#<Location /cgi-bin/phf*>
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#</Location>
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#<IfModule mod_proxy.c>
# ProxyRequests On
# <Directory proxy:*>
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
# </Directory>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
# ProxyVia On
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
# CacheRoot "D:\product\10.1.3\OracleAS_1\Apache\Apache\proxy"
# CacheSize 5
# CacheGcInterval 4
# CacheMaxExpire 24
# CacheLastModifiedFactor 0.1
# CacheDefaultExpire 1
# NoCache a_domain.com another_domain.edu joes.garage_sale.com
#</IfModule>
# End of proxy directives.
### Section 3: Virtual Hosts
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
# for further details before you try to setup virtual hosts.
# You may use the command line option '-S' to verify your virtual host
# configuration.
# Use name-based virtual hosting.
#NameVirtualHost *
#NameVirtualHost 12.34.56.78:80
#NameVirtualHost 12.34.56.78
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#<VirtualHost *>
# ServerAdmin [email protected]
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
#<VirtualHost default:*>
#</VirtualHost>
# Required for cgi perl scripts that are run from /cgi-bin/.
SetEnv PERL5LIB "D:\product\10.1.3\OracleAS_1\perl\5.8.3\lib;D:\product\10.1.3\OracleAS_1\perl\site\5.8.3\lib"
<IfModule mod_perl.c>
# Perl Directives
# PerlWarn On
# PerlFreshRestart On
# PerlSetEnv PERL5OPT Tw
# PerlSetEnv PERL5LIB "D:\product\10.1.3\OracleAS_1\perl\5.8.3\lib;D:\product\10.1.3\OracleAS_1\perl\site\5.8.3\lib"
PerlModule Apache
# PerlModule Apache::Status
PerlModule Apache::Registry
# PerlModule Apache::CGI
# PerlModule Apache::DBI
# PerlRequire
<Location /perl>
SetHandler perl-script
PerlHandler Apache::Registry
AddHandler perl-script .pl
Options +ExecCGI
PerlSendHeader On
</Location>
# <Location /perl-status>
# SetHandler perl-script
# PerlHandler Apache::Status
# order deny,allow
# deny from all
# allow from localhost
# </Location>
</IfModule>
#Protect WEB-INF directory
<DirectoryMatch /WEB-INF/>
Order deny,allow
Deny from all
</DirectoryMatch>
# Setup of FastCGI module
<IfModule mod_fastcgi.c>
Alias /fastcgi/ "D:\product\10.1.3\OracleAS_1\Apache\Apache\fastcgi/"
ScriptAlias /fcgi-bin/ "D:\product\10.1.3\OracleAS_1\Apache\Apache\fcgi-bin/"
<Directory "D:\product\10.1.3\OracleAS_1\Apache\Apache\fcgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
SetHandler fastcgi-script
<IfModule mod_ossl.c>
SSLOptions +StdEnvVars
</IfModule>
</Directory>
</IfModule>
# Include the mod_oc4j configuration file
include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\mod_oc4j.conf"
# Include the mod_dms configuration file
include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\dms.conf"
# Loading rewrite_module here so it loads before mod_oc4j
LoadModule rewrite_module modules/ApacheModuleRewrite.dll
# Include the SSL definitions and Virtual Host container
include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\ssl.conf"
# Include the mod_osso configuration file
#include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\mod_osso.conf"
# Include the Oracle configuration file for custom settings
include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\oracle_apache.conf"
my ssl.conf is as follows:
<IfDefine SSL>
## SSL Global Context
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First either `none'
# or `dbm:/path/to/file' for the mechanism to use and
# second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache dbm:logs\ssl_scache
#SSLSessionCache shmht:logs\ssl_scache(512000)
SSLSessionCache shmcb:logs\ssl_scache(512000)
# SessionCache Timeout:
# This directive sets the timeout in seconds for the information stored
# in the global/inter-process SSL Session Cache. It can be set as low as
# 15 for testing, but should be set to higher values like 300 in real life.
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual explusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex sem
# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog logs\ssl_engine_log
SSLLogLevel warn
## SSL Virtual Host Context
# NOTE: this value should match the SSL Listen directive set previously in this
# file otherwise your virtual host will not respond to SSL requests.
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
## SSL Support
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
# NOTE: if virtual hosts are used and you change a port value below
# from the original value, be sure to update the default port used
# for your virtual hosts as well.
Listen 443
<VirtualHost IFLMUD5DLHY4G.i-flex.com:443>
# General setup for the virtual host
DocumentRoot "D:\product\10.1.3\OracleAS_1\Apache\Apache\htdocs"
ServerName IFLMUD5DLHY4G.i-flex.com
#ServerAdmin [email protected]
ErrorLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/error_log 43200"
TransferLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/access_log 43200"
Port 443
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
SSLCipherSuite ALL:!ADH:!EXPORT56:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
# Server Wallet:
# The server wallet contains the server's certificate, private key
# and trusted certificates. Set SSLWallet at the wallet directory
# using the syntax: file:<path-to-wallet-directory>
SSLWallet D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\ssl.wlt\default\ewallet.p12
#SSLWalletPassword iflex2007
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath conf\ssl.crl
#SSLCARevocationFile conf\ssl.crl\ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require
SSLVerifyClient optional
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o CompatEnvVars:
# This exports obsolete environment variables for backward compatibility
# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
# to provide compatibility to existing CGI scripts.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
</Files>
<Directory "D:\product\10.1.3\OracleAS_1\Apache\Apache\cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent "MSIE" nokeepalive ssl-unclean-shutdown
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/ssl_request_log 43200" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
Please help me rectifying this error.
Thanks a lot in advance.Hi,
Found a note explaining the significance of these errors.
It says:
"NZE-28862: SSL connection failed
Cause: This error occurred because the peer closed the connection.
Action: Enable Oracle Net tracing on both sides and examine the trace output. Contact Oracle Customer support with the trace output."
For further details you may refer the Note: 244527.1 - Explanation of "SSL call to NZ function nzos_Handshake failed" error codes
Thanks & Regards,
Sindhiya V. -
How to disable Outlook for checking for IMAP/POP3 Certificate Name Mismatch?
I have outlook clients that are connected to an IMAP/POP3 server that's off-site provided by company A.
Company A requires me to enter imap.companya.com for imap server address and 993 for the port.
I must also enable SSL for the connection.
When I do this, Outlook pops up an error message (shown below), that must be reacted to every time it checks for mail.
The reason is that the certificate is for myserver.companya123.com and that's different than imap.companya.com but company A wont change it. They said I need to disable my email programs certificate check so it doesn't keep prompting
me. Now I can do this with my iphone, and other email programs without incident. But I cannot find where to disable it in outlook.
If I change the imap server address in my account settings for outlook to instead use myserver.company a123.com, outlook can't connect and as the vendor said I must use imap.companya.com as the imap server address.
I need to be able to connect via SSL (so nobody can swipe my password over the wire) but not have to react 1000x a day to the certificate warnings.
I don't want to use Eudora, or another email client that allows me to easily disable the warning. I want to use outlook. How do I set outlook so it doesn't keep popping up these certificate server name mismatch warnings?
I spent days searching for a fix, and it seems there are fixes via the registry for just about every type of certificate issue, but NOT THIS PARTICULAR ONE.
I am hoping someone knows exactly what I am talking about and knows of a easy fix. I must use SSL so please don't tell me to disable SSL.
What I need is to disable outlook from presenting that alert. That's what I need to do. No other solution will suffice. I hope outlook does not have a product limitation that prevents such a thing from being done. I am ok with a registry fix if need be, but
being able to disable outlook from presenting certificate name mismatch alerts is critical. Hope its possible! Thanks!Hi,
I would suggest we try the registry key mentioned in this
article (Method 4) to configure Outlook to allow the connection to the mismatched domain name, and see if it works:
HKEY_CURRENT_USER\Software\Microsoft\Office\<var>xx</var>.0\Outlook\AutoDiscover\RedirectServers
Let me know if this doesn't work.
Regards,
Ethan Hua
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback on our support, please click
here -
Can I disable a constraint in a stored procedure
Hi,
I wish to disable a constraint and then enable after I do a certain insert into a database, In my procedure I put the 'ALTER ..DISABLE' command straight after the begin and the the 'ALTER..ENABLE' just before the exit command but I keep getting a compile error. Any suggestions?Since ALTER TABLE is DDL, you would have to use dynamic SQL in order to call it from PL/SQL, i.e.
BEGIN
EXECUTE IMMEDIATE 'ALTER TABLE ... DISABLE';
<<do something>>
EXECUTE IMMEDIATE 'ALTER TABLE ... ENABLE';
END;Of course, since you're executing DDL, you'll be implicitly committing after both dynamic SQL statements.
A better approach, though, may be declare the constraint to be deferrable and do
EXECUTE IMMEDIATE 'ALTER SESSION SET CONSTRAINTS = DEFERRED'since that doesn't implicitly commit. You can also avoid having to hard-code constraint names in strings in your code. Plus, the constraints will be automatically checked when you commit.
Justin -
Delete or disable ssl and https on exchange web url
Hi,
I disable by clear check box on Default Web Site --> SSL Settiings --> Require SSL
and also inseret my domain name example: http://mail.myexchange.com/owa in Exchange admin center Console --> Servers --> Virtual Directory --> owa
and also i change <add key="UseHttpsForWacUrl" value="true" /> to <add key="UseHttpsForWacUrl" value="false" /> in C:\Program Files\Microsoft\Exchange
Server\V15\ClientAccess\Owa\web
But, after this steps for removing https on my url i can use it. and after loggin in https mode i can delete https on my url manually but did't work good and i get this error when i want see my email body "Error: Your
request can't be completed right now. Please try again later."Hi S.Ali,
Have you restarted IIS after changing all the settings?
If not, please try to restart iis and check again.
Best regards,
Niko Cheng
TechNet Community Support -
Error with forign key constraints
hi
I have a .sql file which contains about 180 tables scripts . TO disable the contraints i ran the below script first
begin
for v in (select constraint_name, table_name from user_constraints where constraint_type = 'R')
loop
execute immediate
'alter table ' || v.table_name || ' disable constraint ' || v.constraint_name;
end loop;
end;
and then the .sql file by giving @filename.sql .Some of the scripts are getting executed but the one's having forign key references it is showing containt error foreign key check. but when i ran the above script ie the one to disable the foreign key check again and then ran each of these table scripts which showed error before manually it gets executed .why is this so? can anyone help me in solving this problem
Thanking you in advance
DinnyI have a .sql file which contains table scripts and i some of these tables there is foreign key referencesing other tables so when i am ruuning the script it is showing such tables(ie the tables that i am refering to) is not existing for eg below is one of the script from the .sql file
create table t_system_groups (
group_id NUMBER(11) not null,
group_name VARCHAR2(255) not null,
group_desc VARCHAR2(255),
parent_id NUMBER(11) default '0',
full_path VARCHAR2(255) default NULL,
CONSTRAINT pk_group_id_t_system_groups PRIMARY KEY (group_id),
CONSTRAINT uk_group_name_t_system_groups UNIQUE (group_name),
CONSTRAINT fk_t_system_groups FOREIGN KEY (parent_id) REFERENCES t_system_groups (group_id) ON DELETE CASCADE
Since i have run the script for disabling the constraints before running the .sql file then why is it showing such as error. also showing errors with drop table having references
for eg:
SQL> begin
2 for v in (select constraint_name, table_name from user_constraints where constraint_type = 'R'
3 loop
4 execute immediate
5 'alter table ' || v.table_name || ' disable constraint ' || v.constraint_name;
6 end loop;
7
8 end;
9 /
PL/SQL procedure successfully completed.
SQL> drop table t_system_groups;
drop table t_system_groups
ERROR at line 1:
ORA-02449: unique/primary keys in table referenced by foreign keys
Regards
dinny -
Apple Mail 8.2 disables SSL to POP3 server (Securityrisk)
Hi,
Setup
Computer:
OSX 10.10.2
Mail 8.2 (2070.6)
Mail server A
POP3 port 995 SSL
(Non SSL - port 110 - is disabled due to security reasons)
Mail server B
POP3 port 110
POP3 port 995 SSL
Summary
OSX Mail client removes SSL support on non regular intervals for POP3 connections. For the connections that support regular non SSL POP3 (port 110) this reduces the security, but the mail is available. This was noticed by me because one ISP has locked down their POP3 server to SSL only due to security reasons. After reenabling SSL on the connection (Mail -> Preferences -> Accounts -> Account in question -> Advanced) the connection remains with SSL support for a while, then it is removed again. As OS X Mail has no token to identify SSL or regular port 110 connection this is transparant to the user, unless the server does not support regular POP3, at which time a error is generated.
Comments
1) This seems to be a security related issue with mail where OS X mail downgrades from SSL connection to regular port 110 POP3 traffic
2) If corrected the connection is downgraded again within a couple of days, if not sooner.
3) Connections to POP3 servers supporting port 110 are "unaffected" with the exception of the security issue of a downgrade
4) Connections to POP3 servers that only support SSL - port 995 - are not able to complete until SSL has been reenabled manualy.
5) Downgrade bug has been seen only on my machine, so it might not be something mainstream. Machine is updated to latest patches.
Questions
1) As this has only been observed on my machine, has anybody else seen this POP3 SSL downgrade bug?Same problem. The following information is from Symantec:
To disable SSL\TLS
Open Apple Mail.
Click the Mail menu and select Preferences.
Select your mail account on the left under Accounts, then click the Advanced tab.
Confirm the check box labeled "use SSL" is not checked next to ports. If necessary remove the checkmark.
Click the Account Information tab and select Edit Server list from the drop down next to Outgoing Mail Server.
Click the Advanced tab and confirm there is not a checkmark next to Use Secure Socket Layer(SSL).
Click OK and close the accounts. Window and choose to save.
Click Save to update your settings.
Restart Apple Mail.
This does work for a while but eventually Mail reverts to enabling Use SSL and disabling Allow Insecure Authentication but only one some of my addresses but not all. Some accounts POP logs-in but not SMTP. -
Temporarily disable Digital Signature Checks to Install MS SQL Server 2008 with no Internet Access
I am attempting to install a licensed copy of MS SQL Server 2008 in a Private Enclave that does NOT have Internet access on a Win2008 R2 SP1 server (that is VM - thus I can't reboot and press F8 to select "Disable Driver Signature Enforcement"
). The installation fails with an error of the vc_red.cab file being found either corrupt or a bad digital signature. The file is good, but the signature has an expiration of 2011. I understand that a DOTNET SDK v1.1 program called setreg.exe
will enable disabling the digital signature check, but I am not permitted to use that program.
I might be permitted to use the "Signtool.exe" utility, but it is not clear what command sequences are necessary to disable and then re-enable the Digital Signature checks.
I saw a thread that recommended using the command:
bcdedit.exe /set nointegritychecks ON
However, the comments indicated that this might not have worked.
Are there Registry settings I can use with regedit to make the necessary changes to be able to install the application? I anticipate running into this problem with other software when I do not have Internet connectivity. I already tried
downloading the Microsoft CRL files; updated the lists on the Server; and rebooted. This did not solve my problem.Hi,
As far as I know, it is not recommended to disable digital signature check.
Since we are not familair with installing MS SQL server, please also refer to SQL forums below to see if experts there have more insights regarding the matter.
https://social.technet.microsoft.com/Forums/sqlserver/en-US/home
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
(Error) ORA-00001: unique constraint (WHSE_DBA.PK_DELPHI_TRANS_FACT) violat
I have a stored proc which runs every night. The stored proc is giving a unique constraint violation.
(Error) ORA-00001: unique constraint (WHSE_DBA.PK_DELPHI_TRANS_FACT) violated.
Any idea about how to debug this.I want to create an error table on the stored proc shown below. I know I have to add something in the exceptions. Can anyone give me the commands and where to add it.
CREATE OR REPLACE PROCEDURE WHSE_DBA.DM_LD_DELPHI_TRANS_FACT
IS
-- VARIABLE DECLARATIONS
LAST_LOAD_DATE DATE;
INSERTCOUNT NUMBER:=0;
-- LOGGING VARIABLES AND CONSTANTS
TARGETTABLE CONSTANT VARCHAR2(20):='DELPHI_TRANS_FACT';
MSGUNKNOWNERR CONSTANT VARCHAR2(20):='Error';
NBRIGNOREERR CONSTANT NUMBER:=12541;
DEFDATE CONSTANT DATE:='01-OCT-2006';
ERRDESCRIPTION VARCHAR2(255);
V_DELPHI_TRANS_TOTAL NUMBER;
V_DELPHI_TRANS_FACT_TOTAL NUMBER;
BEGIN
-- LOOK UP LAST LOADED RECORD
SELECT NVL(MAX(SNAPSHOT_DATE),DEFDATE)
INTO LAST_LOAD_DATE
FROM DELPHI_TRANS_FACT;
-- * LOAD ALL DIMENSION TABLES
-- BUDGET_YR_DIMENSION
INSERT INTO BUDGET_YR_DIMENSION (BUDGET_YEAR, SNAPSHOT_DATE)
(SELECT DISTINCT BUD_YR, SYSDATE
FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM BUDGET_YR_DIMENSION
WHERE BUDGET_YEAR=OUTER.BUD_YR));
-- EFF_DATE_DIMENSION
INSERT INTO EFF_DATE_DIMENSION (PAID_FIS_YEAR, PAID_QTR, EFFECTIVE_DATE, SNAPSHOT_DATE)
(SELECT DISTINCT CVT_DATE_TO_FISCAL_YEAR(EFF_DT), PD_QTR, EFF_DT, SYSDATE
FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM EFF_DATE_DIMENSION
WHERE EFFECTIVE_DATE=OUTER.EFF_DT));
-- PROC_DATE_DIMENSION
INSERT INTO PROC_DATE_DIMENSION (PROCESS_DATE, SNAPSHOT_DATE)
(SELECT DISTINCT PROC_DT, SYSDATE
FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM PROC_DATE_DIMENSION
WHERE PROCESS_DATE=OUTER.PROC_DT));
-- ORG_DIMENSION
INSERT INTO ORG_DIMENSION (ORG,COST_CTR,SNAPSHOT_DATE)
(SELECT DISTINCT ORG, CC_CD, SYSDATE
FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM ORG_DIMENSION
WHERE ORG=OUTER.ORG));
-- BPAC DIMENSION
INSERT INTO BPAC_DIMENSION (BPAC, AFC_CD, PE_CODE, SNAPSHOT_DATE)
(SELECT DISTINCT BPAC, AFC_CD, PE, SYSDATE
FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM BPAC_DIMENSION
WHERE BPAC=OUTER.BPAC));
-- FUND DIMENSION
INSERT INTO FUND_DIMENSION (FUND,APPROP_CD,LIM_CD,SNAPSHOT_DATE)
(SELECT DISTINCT FUND, APPROP_CD, APPLIM_CD, SYSDATE
FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM FUND_DIMENSION
WHERE FUND=OUTER.FUND));
-- OBJ_CD_DIMENSION
INSERT INTO OBJ_CD_DIMENSION (OBJ_CD,SNAPSHOT_DATE)
(SELECT DISTINCT OC_CD, SYSDATE
FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM OBJ_CD_DIMENSION
WHERE OBJ_CD=OUTER.OC_CD));
-- GLA DIMENSION
INSERT INTO GLA_DIMENSION (GLA_CD,SNAPSHOT_DATE)
(SELECT DISTINCT GLA, SYSDATE FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM GLA_DIMENSION
WHERE GLA_CD=OUTER.GLA));
-- PROJECT_TASK_DIMENSION
INSERT INTO PROJECT_TASK_DIMENSION (PROJECT_NO,TASK_NO,SNAPSHOT_DATE)
(SELECT DISTINCT PROJ_NBR, TASK_NBR, SYSDATE FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM PROJECT_TASK_DIMENSION
WHERE PROJECT_NO=OUTER.PROJ_NBR
AND TASK_NO=OUTER.TASK_NBR));
-- TRANS_DESC_DIMENSION
INSERT INTO TRANS_DESC_DIMENSION (DESCRIPTION,SNAPSHOT_DATE)
(SELECT DISTINCT DESCR, SYSDATE FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM TRANS_DESC_DIMENSION
WHERE DESCRIPTION=OUTER.DESCR
AND OUTER.DESCR IS NOT NULL));
-- SUPPLIER_DIMENSION
INSERT INTO SUPPLIER_DIMENSION (SUPPLIER_NAME, SNAPSHOT_DATE)
(SELECT DISTINCT VENDOR_NAME, SYSDATE FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM SUPPLIER_DIMENSION
WHERE SUPPLIER_NAME=OUTER.VENDOR_NAME));
-- DELPHI_INV_DIMENSION
INSERT INTO DELPHI_INV_DIMENSION (INVOICE_NO, SNAPSHOT_DATE)
(SELECT DISTINCT INV_NO, SYSDATE FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM DELPHI_INV_DIMENSION
WHERE INVOICE_NO=OUTER.INV_NO));
-- DELPHI_PO_DIMENSION
INSERT INTO DELPHI_PO_DIMENSION (PO_NO, SNAPSHOT_DATE)
(SELECT DISTINCT PO_NO, SYSDATE FROM DELPHI_TRANS OUTER
WHERE NOT EXISTS
(SELECT 1
FROM DELPHI_PO_DIMENSION
WHERE PO_NO=OUTER.PO_NO));
-- TEMPORARILY DISABLE KEY FOR FASTER LOADING
DB_MISC.PRO_EXE_DDL('ALTER TABLE DELPHI_TRANS_FACT DISABLE CONSTRAINT PK_DELPH_TRANS_FACT');
-- MOVE DATA INTO TABLE
INSERT INTO DELPHI_TRANS_FACT (BPAC_KEY, ORG_KEY, FUND_KEY, OBJ_CD_KEY, GLA_KEY,
EFF_DATE_KEY, PROC_DATE_KEY, PROJECT_TASK_KEY, BUDGET_YR_KEY, DELPHI_TRANS_DESC_KEY,
BALANCE, COMMIT_AMT, UDO_AMT, AEU_AMT, AEP_AMT, OBLIGATION_AMT, SNAPSHOT_DATE,
SUPPLIER_KEY, DELPHI_INV_KEY, DELPHI_PO_KEY)
(SELECT BPAC_KEY, ORG_KEY, FUND_KEY, OBJ_CD_KEY, GLA_KEY, EFF_DATE_KEY, PROC_DATE_KEY,
PROJECT_TASK_KEY, BUDGET_YR_KEY, TRANS_DESC_KEY, SUM(BAL), SUM(COMMIT_AMT), SUM(UDO_AMT),
SUM(AEU_AMT), SUM(AEP_AMT), SUM(OBLIGATION_AMT), MAX(SYSDATE), SUPPLIER_KEY, DELPHI_INV_KEY,
DELPHI_PO_KEY
FROM BPAC_DIMENSION, ORG_DIMENSION, FUND_DIMENSION, OBJ_CD_DIMENSION, GLA_DIMENSION,
EFF_DATE_DIMENSION, PROC_DATE_DIMENSION, PROJECT_TASK_DIMENSION, BUDGET_YR_DIMENSION,
TRANS_DESC_DIMENSION, DELPHI_TRANS, SUPPLIER_DIMENSION, DELPHI_INV_DIMENSION, DELPHI_PO_DIMENSION
WHERE DELPHI_TRANS.SNAPSHOT_DATE>LAST_LOAD_DATE
-- JOIN WITH BPAC_DIMENSION
AND DELPHI_TRANS.BPAC=BPAC_DIMENSION.BPAC
-- JOIN WITH ORG_DIMENSION
AND DELPHI_TRANS.ORG = ORG_DIMENSION.ORG
-- JOIN WITH FUND_DIMENSION
AND DELPHI_TRANS.FUND = FUND_DIMENSION.FUND
-- JOIN WITH OBJ_CD_DIMENSION
AND DELPHI_TRANS.OC_CD=OBJ_CD_DIMENSION.OBJ_CD
-- JOIN WITH GLA_DIMENSION
AND DELPHI_TRANS.GLA=GLA_DIMENSION.GLA_CD
-- JOIN WITH EFF_DATE_DIMENSION
AND DELPHI_TRANS.EFF_DT=EFF_DATE_DIMENSION.EFFECTIVE_DATE
-- JOIN WITH PROC_DATE_DIMENSION
AND DELPHI_TRANS.PROC_DT=PROC_DATE_DIMENSION.PROCESS_DATE
-- JOIN WITH PROJECT_TASK_DIMENSION
AND (DELPHI_TRANS.PROJ_NBR=PROJECT_TASK_DIMENSION.PROJECT_NO
AND DELPHI_TRANS.TASK_NBR=PROJECT_TASK_DIMENSION.TASK_NO)
-- JOIN WITH BUDGET_YR_DIMENSION
AND DELPHI_TRANS.BUD_YR=BUDGET_YR_DIMENSION.BUDGET_YEAR
-- JOIN WITH TRANS_DESC_DIMENSION
AND DELPHI_TRANS.DESCR=TRANS_DESC_DIMENSION.DESCRIPTION
-- JOIN WITH SUPPLIER_DIMENSION
AND DELPHI_TRANS.VENDOR_NAME=SUPPLIER_DIMENSION.SUPPLIER_NAME
-- JOIN WITH DELPHI_PO_DIMENSION
AND DELPHI_TRANS.PO_NO=DELPHI_PO_DIMENSION.PO_NO
-- JOIN WITH DELPHI_INV_DIMENSION
AND DELPHI_TRANS.INV_NO=DELPHI_INV_DIMENSION.INVOICE_NO
GROUP BY BPAC_KEY, ORG_KEY, FUND_KEY, OBJ_CD_KEY, GLA_KEY, EFF_DATE_KEY, PROC_DATE_KEY,
PROJECT_TASK_KEY, BUDGET_YR_KEY,TRANS_DESC_KEY, SUPPLIER_KEY, DELPHI_INV_KEY, DELPHI_PO_KEY);
-- COUNT AFFECTED RECORDS
INSERTCOUNT:=0+SQL%ROWCOUNT;
-- RE-ENABLE KEY CONSTRAINT
DB_MISC.PRO_EXE_DDL('ALTER TABLE DELPHI_TRANS_FACT ENABLE VALIDATE CONSTRAINT PK_DELPH_TRANS_FACT');
-- STORE RESULTS OF OPERATION
IF INSERTCOUNT>0 THEN
DB_MISC.LOGFAILURE_EX('none', 'none', INSERTCOUNT||' new records loaded successfully.', TARGETTABLE, 'DM_LD_DELPHI_TRANS_FACT', FALSE);
END IF;
--- COMPARE BALANCE TOTAL FROM DELPHI_TRANS TABLE AND DELPHI_TRANS_FACT TABLE
SELECT SUM(BAL) INTO V_DELPHI_TRANS_TOTAL
FROM DELPHI_TRANS ;
SELECT SUM(BALANCE) INTO V_DELPHI_TRANS_FACT_TOTAL
FROM DELPHI_TRANS_FACT ;
VALIDATE_LOAD(V_DELPHI_TRANS_TOTAL,V_DELPHI_TRANS_FACT_TOTAL);
-- EXCEPTION HANDLING ROUTINES * * * * * * * * * * * * * * * * * * * * * *
EXCEPTION
WHEN OTHERS THEN
ROLLBACK;
IF SQLCODE!=NBRIGNOREERR THEN
ERRDESCRIPTION:=SQLERRM;
-- CALL ROUTINE TO PROCESS ERROR
DB_MISC.LOGFAILURE_EX('none', 'none', ERRDESCRIPTION, TARGETTABLE, 'DM_LD_DELPHI_TRANS_FACT', TRUE);
COMMIT;
END IF;
-- END EXCEPTION HANDLING ROUTINES * * * * * * * * * * * * * * * * * * * * * *
END -
Hello,
We have a multi domain parent child AD domain infrastructure and now we upgraded our exchange from Exchange 2007 to Exchange 2013. Since last few days, we see the below error on the mailbox server event viewer.
EVENT ID : 1121
The Microsoft Exchange Mailbox Replication service was unable to process a request due to an unexpected error.
Request GUID: '93a7d1ca-68a1-4cd9-9edb-a4ce2f7bb4cd'
Database GUID: '83d028ec-439d-4904-a0e4-1d3bc0f58809'
Error: An Active Directory Constraint Violation error occurred on <domain controller FQDN>. Additional information: The name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-0315286E, #1:
Our Exchange setup is in parent domain, but we keep on getting this error for various domain controllers in each child domain in the same site. We then configured one of the parent domain domain controller on Exchange. Still we are getting this error for
the configured parent domain DC.
Verified the AD replication and there is no latency or pending stuffs.
Any support to resolve this issue will be highly appreciated. Thank you in advance.
Regards,
Jnana R DashHi,
In addition to Ed's suggestion, I would like to clarify the following things for troubleshooting:
1. Please restart IIS at first.
2. If the issue persists, please ping your DC on your Exchange server to check if Exchange can communicate with DC.
Hope it helps.
Best regards,
Amy Wang
TechNet Community Support -
How to disable SSL v3 for sun os 5.6 (OAS 4.0.8), I am facing POODLE vulnerability issue?
my Website is hosted on Sun OS 5.06 (OAS 4.0.8) and using web server : Oracle_Web_Listener/4.0.8. Website is configured to use https for secure pages and it was working fine from last 10 years but suddenly i am getting complaints from my customers that they can not browse site on chrome version 40 and above and firefox 34 and above.
I searched for this issue and found that there is POODLE attack which may causing this issue. now the only solution i can see is to disable SSL v3 on server.
Can any help me out with the process or an idea, How to disable SSL V3 on this Olde server? its sun microsystem server.Hi Aamir,
This is old software, been a while since I saw one of these.
Normally when SSL was setup there were two listeners, one with SSL and one without, in a different port, so you could try to find this second port, which may work without any need to change the configuration.
Else, try to check on the OAS manager (Usually on port 8888), the HTTP listener -> WWW -> Network, if there is a setup only for the SSL port, you will need to add a new line, with the same configuration, but a different port and the security disabled.
Also, there may be some setting on the application itself for the url path. If so, when you navigate in the application it will try to redirect you back to the SSL port. In that case you will need to figure out where to change that, which depend on the application itself.
Found this page on google with the process to setup SSL on OAS 4.0, you need to do the inverse of step 5.
WoSign Support: SSL Certificates Installation Instruction - Oracle Web Server (OAS 4.0.8)
Regards,
Luis -
I cannot Disable a constraint in SQL Developer
Here is my issue:
I have created a table already named practice1.
Using SQL Developer PL/SQL try to run a loop as following:
DECLARE
COUNTER1 NUMBER(2);
BEGIN
COUNTER1 := 30;
ALTER TABLE practice1
DISABLE CONSTRAINT PRK1;
LOOP
COUNTER1 := 30;
INSERT INTO PRACTICE1
VALUES (COUNTER1, 'test7', 8, 9);
EXIT WHEN COUNTER1 >26;
END LOOP;
END;
In other words I Insert the COUNTER1 variable value as Primary Key in the tables field1 column.
I run the script successfully without the ALTER TABLE DISABLE CONTSRAINT.. command.
Everytime I run it I had to increase the starting value of Variable COUNTER1 so it will not attempt to insert a duplicate pre-existed value in Primary Key.
Then I decided to insert the command ALTER TABLE DISABLE CONSTRAINT in order to not have to worry to change the starting value.
I am able to disable the constraint by using the same command in isolation . If I run it as part of the script as above I get the following error:
Error report:
ORA-06550: line 5, column 1:
PLS-00103: Encountered the symbol "ALTER" when expecting one of the following:
( begin case declare end exception exit for goto if loop mod
null pragma raise return select update while with
<an identifier> <a double-quoted delimited-identifier>
<a bind variable> << continue close current delete fetch lock
insert open rollback savepoint set sql execute commit forall
merge pipe purge
06550. 00000 - "line %s, column %s:\n%s"
*Cause: Usually a PL/SQL compilation error.
*Action:
I would appreciate any suggestions.
Thank you.Your question has NOTHING to do with sql developer.
Mark this question ANSWERED and repost it in the SQL and PL/SQL forum.
https://forums.oracle.com/community/developer/english/oracle_database/sql_and_pl_sql
The problem is that you CANNOT execute DDL directly in PL/SQL. You need to use dynamic SQL to execute DDL within PL/SQL.
EXECUTE IMMEDIATE 'ALTER TABLE . . .';
If you need more help use the correct forum as shown above. -
Encountered an internal error in the SSL library
Hi,
We need to harden our environment according CIS standards. After applying those policies I am encountering following issue:
Unix/Linux agents managed by the interal Unix/Linux resource (Management Servers domain joined) pool turn grey with the
WS-Management Certificate Health in critical state. Some return healthy after a while... to fail again after a while.
When I resign the certificate through Discovery Wizard the agent turns healthy again... to return to a grey state again after a while.
Error in Health Explorer below:
ErrorMessage
WSManFault The server certificate on the destination computer (flexprod1.mydomain.net:1270) has the following errors:
Encountered an internal error in the SSL library.
While troubleshooting I found out that executing following results in an error
winrm e http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx -r:https://flexprod1.mydomain.net:1270
-u:scomuser -p:pswd -auth:basic -encoding:utf-8
WSManFault
Message = The server certificate on the destination computer (flexprod1.mydomain.net:1270) has the following errors:
Encountered an internal error in the SSL library.
Error number: -2147012721 0x80072F8F
A security error occurred
When I re-execute the command right afterwards... it succeeds! :-/ When I run the command 10 minutes afterwards, it fails again the
first time it is executed.
My guess the possibility it is related to above issue is likely.
I'm not having this issue on the gateway servers (not domain joined) where the policies are not applied.
P.s. Unfortunately I installed security and critical updates a few hours before applying the gpo so it could well be related to that
also.
Before I try to revert the changes made by the gpo... can anyone verify if a setting in the gpo can cause this issue?
Relevant part (I think) of the gpo below. Or does anyone know what this might be caused by or how to further troubleshoot this?
Thanks!
Microsoft network client: Digitally sign communications (always) Enabled
Microsoft Network Server
Policy Setting
Microsoft network server: Digitally sign communications (always) Enabled
Microsoft network server: Digitally sign communications (if client agrees) Enabled
Network Access
Policy Setting
Network access: Do not allow anonymous enumeration of SAM accounts and shares Enabled
Network Security
Policy Setting
Network security: LAN Manager authentication level Send NTLMv2 response only. Refuse LM & NTLM
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Enabled
Require NTLMv2 session security Enabled
Require 128-bit encryption Enabled
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Enabled
Require NTLMv2 session security Enabled
Require 128-bit encryption Enabled
System Cryptography
Policy Setting
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Enabled
System Settings
Policy Setting
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Enabled
User Account Control
Policy Setting
User Account Control: Admin Approval Mode for the Built-in Administrator account Enabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent for non-Windows binaries
User Account Control: Switch to the secure desktop when prompting for elevation Enabled
Other
Policy Setting
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Enabled
Registry Values
Policy Setting
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod "0"
MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode 1
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting 2
MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting 2Hi Steve,
Thanks for your reply.
I've managed to pinpoint the issue to the following gpo setting:
System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms
Description: For the Schannel Security Service Provider (SSP), this security setting disables the weaker Secure Sockets Layer (SSL) protocols and supports only the Transport Layer Security (TLS) protocols as a client and as a server (if applicable). If this
setting is enabled, Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider uses only the FIPS 140 approved cryptographic algorithms: 3DES and AES for encryption, RSA or ECC public key cryptography for the TLS key exchange and authentication,
and only the Secure Hashing Algorithm (SHA1, SHA256, SHA384, and SHA512) for the TLS hashing requirements.
Disabled the setting in a new gpo and everything returned to normal.
Grts. -
Error:iaik.security.ssl.SSLCertificateException: Peer certificate rejected
Hi,
I am getting error com.sap.engine.interfaces.messaging.api.exception.MessagingException:
iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
When i test for digital signing and encryption using soap receiver CC
we passed all the values for soap CC
Created key store view and in that view I have generated private certificate and generated CSR using SAP CA(test ssl for 8 weeks) for the private key and also imported public key for encryption given by reciver
When i test i get the error message
I check certificates validity dates
I restarted java engine and ICM
I added the public key in trusted CA in NWA
I re created the view and added the certifcates
still the same error
how and where to check to check IAIK in NWA and how to deploy it in java engine using NWA, we are using PI7.11 (no VA)
any suggestions?Hi,
The main causes for this kind of problem are:
1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in the URL below:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
0a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for it and if it's the case renew it or extend the validation.
3. The certificate chain was not in correct order. Basically the server certificate chain should be in order
Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again.
4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period.
(This certificate is the one which is sent to Server for Client authentication)
As a resource, you may need to create a new SSL Server key.
The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site. I mean if I request URL X then the CN must be CN=X.
In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
In any other case the SSL communication will not work.
Regards,
Caio Cagnani -
How to disable and enable Check box based upon condition
Hi,
I wants to disable/hide the check box field before the required field is filled. Kindly help meHi Mohammed,
Try to use customize InfoPath form, add rules. Go to list tab, click customize Form, then this opens the list form in InfoPath
format.
1.Select the check box field control, click add rules, select if is blank, show validation error action.
2.Then go to conditions, click column name is blank, change it to the required column you want.
3.Go to rule type, click validation, change it to formatting, select hide this control.
4.Publish the InfoPath form.
Best Regards.
Kelly Chen
TechNet Community Support
Maybe you are looking for
-
HI All, I am getting the following error Unable to Convert Integration Process into ALE Logical System... Even though i defined LS in Business Landscape and also In Adapter Specifiers of Business System... I have gone through all the weblogs and thre
-
Audio not working on macbook air
My Macbook Air, which I've only had for a couple of months, won't play any sound or audio. I was watching a video with ear phones in and I got up and jerked the earphones out, then the volume didn't work at all. I put the earphones in and out again w
-
What is the best way to export HDCam footage from Final Cut? If I export to a QuickTime movie will that QuickTime file still be HD footage? I need to get some footage to someone today so any help would be great! Also if I burn that QuickTime file to
-
How do i get text ticker to work?
Hi everyone, how do i get the text ticker to work on this template http://www.videocopilot.net/blog/?s=news+template a simple step-by-step would be great or a script. I want it to scroll like on news channels and loop. Sorry i am a NEWBIE. Thanks.
-
Hi I am calling a Remote Function Module from a web dynpro application in BW system but somehow it is not functioning properly. I want to find out if the control has actually reached the Function Module in BW system and then some error is happening