Error in configuring SSL

Similar Messages

• Error while configuring SSL in OID 11g - LDAP 50 Insufficient Access rights

  HI,
  I am trying to configure SSL in OID 11g.As per the doc http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/ssl.htm#CBHGBGAF ,i tried creating a Self-Signed Wallte using Fusion Middleware control,But i am getting an error LDAP 50: Insufficient access rights".I logged into Fusion Middle Ware control as Weblogic user.Is anybody faced this issue?.Thanks in advance.

  I am not sure how you tried, but I would recommend to do the following...
  1. Add the 'user1' to "OU=Franchisees,ou=People,dc=company,dc=com"
  2. Delete the 'user1' from 'OU=Internal,ou=People,dc=company,dc=com'

• Urgent Please..Error while configuring SSL protocol

  Hi,
  I am facing problems when I am trying to configure my WLS 6.0(on
  Win 2000) for SSL protocol.I have used the CSR generator to generate
  CSR & I have got a trial SSL id from VeriSign.I have now got the
  following files:
  hercules-key.der(private key generated by CSR generator)
  cert.pem (digital certificate from VeriSign)
  When I configured the server console with
  Server Key file name =./config/mydomain/hercules-key.der
  Server Certificate file name=./config/mydomain/cert.pem
  Server Certificate chain file name=./config/mydomain/cert.pem
  & restarted the server with the following command:
  startWeblogic -Dweblogic.management.pkpassword=<the pwd I gave>
  I am getting the following error:
  <Mar 19, 2001 11:20:11 AM PST> <Alert> <WebLogicServer> <Security
  configuration
  problem with certificate file ./hercules-key.der, java.io.EOFException>
  java.io.EOFException
  at weblogic.security.Utils.inputByte(Utils.java:133)
  at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
  at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
  at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
  at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:393)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Please tell me where I went wrong.Do I need to make any more changes
  in the console.
  Thanks in advance.. Sita

  The Server Certificate File Name should point to the cert that establishes
  the server's identity.
  The Server Certificate Chain File Name should contain as its first member
  the cert used to sign the server's cert, the second member should contain a
  cert used to sign the first cert in the file, etc. until the last cert in
  the chain which should be self-signed. The Server Certificate Chain File
  Name is required to have at least one cert in it (and if there is only one
  it must be self-signed, ie a root CA cert and it must be the cert that was
  used to sign the server's certificate).
  If you got the trial cert from Verisign their email to you should have told
  you how to obtain a root CA from them to use.
  "Sita Mulomudi" <[email protected]> wrote in message
  news:[email protected]...
  >
  Hi,
  I am facing problems when I am trying to configure my WLS 6.0(on
  Win 2000) for SSL protocol.I have used the CSR generator to generate
  CSR & I have got a trial SSL id from VeriSign.I have now got the
  following files:
  hercules-key.der(private key generated by CSR generator)
  cert.pem (digital certificate from VeriSign)
  When I configured the server console with
  Server Key file name =./config/mydomain/hercules-key.der
  Server Certificate file name=./config/mydomain/cert.pem
  Server Certificate chain file name=./config/mydomain/cert.pem
  & restarted the server with the following command:
  startWeblogic -Dweblogic.management.pkpassword=<the pwd I gave>
  I am getting the following error:
  <Mar 19, 2001 11:20:11 AM PST> <Alert> <WebLogicServer> <Security
  configuration
  problem with certificate file ./hercules-key.der, java.io.EOFException>
  java.io.EOFException
  at weblogic.security.Utils.inputByte(Utils.java:133)
  at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
  at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
  at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
  at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:393)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Please tell me where I went wrong.Do I need to make any more changes
  in the console.
  Thanks in advance.. Sita

• Error while configuring ssl

  i got private key and certificate from versign and i install rootca also.
  Server Key file name =./config/mydomain/mmm-key.der
  Server Certificate file name=./config/mydomain/cert.pem
  Server Certificate chain file name=./config/mydomain/getcacert.pem
  while restarting the server i got the following error
  roblem with certificate file config/mydomain/mmm-key.der, java.io
  .EOFException>
  java.io.EOFException
  at weblogic.security.Utils.inputByte(Utils.java:133)
  at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
  at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
  at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
  at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:397)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1045)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:480)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
  at weblogic.Server.main(Server.java:35)

  Hi Muthu,
  I suspect this is a problem with your root ca file.
  The way to test this is to create a dummy file.
  Make a blank ascii file -- say a blank file called getcacert.pem
  start your WebLogic server.
  If it starts correctly (without the exception) then the problem is definitely
  with your rootca file. It may be in the wrong format or something..
  The blank rootca should allow your server to start, and use SSL, if indeed the
  rootca is the source of your problem
  Cheers
  Joe Jerry
  muthu wrote:
  i got private key and certificate from versign and i install rootca also.
  Server Key file name =./config/mydomain/mmm-key.der
  Server Certificate file name=./config/mydomain/cert.pem
  Server Certificate chain file name=./config/mydomain/getcacert.pem
  while restarting the server i got the following error
  roblem with certificate file config/mydomain/mmm-key.der, java.io
  .EOFException>
  java.io.EOFException
  at weblogic.security.Utils.inputByte(Utils.java:133)
  at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
  at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
  at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
  at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:397)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1045)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:480)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
  at weblogic.Server.main(Server.java:35)

• Incorrect Block Length error when configuring SSL

  Hello, gurus:
  I am messing around with SSL configurations on WebLogic 6.0.2. I have generated
  a CSR, and located my non-password protected private key and CSR files to the
  /config/[my_test_domain] folder. I have received my test cert from VeriSign, which
  I have saved to /config/[my_test_domain] as cert.pem. Lastly, I copied off of
  VeriSign's site an Intermediate CA certificate (or Server Cert Chain), and saved
  that at ca.pem.
  Now when I attempt to start WebLogic, I am seeing the following Alert messages:
  ==============================================================
  <2001/08/07 12:03:04:JST> <Alert> <WebLogicServer> <&#12475;&#12461;&#12517;&#12522;&#12486;&#12451;
  &#12467;&#12531;&#12501;&#12451;&#12464;&#12524;&#12540;
  &#12471;&#12519;&#12531; weblogic.security.AuthenticationException: Incorrect
  block length 64 (mod
  ulus length 128) possibly incorrect SSLServerCertificateChainFileName set for
  th
  is server certificate &#12395;&#30683;&#30462;&#12364;&#12354;&#12426;&#12414;&#12377;&#12290;>
  weblogic.security.AuthenticationException: Incorrect block length 64 (modulus
  le
  ngth 128) possibly incorrect SSLServerCertificateChainFileName set for this serv
  er certificate
  at weblogic.security.X509.verifySignature(X509.java:251)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  ==============================================================
  BTW, I am doing all of this on a Japanese (EUC_JP) OS, so I apologize if part
  of the above message is rendered illegible.
  Anyhow, does anyone have any idea as to what is bombing?
  Thanks in advance,
  Brooke

  Can you elaborate on what you did to get the root ca cert from verisign's repository
  page and
  convert it to DER format using OpenSSL? I've been trying to figure out how to do
  this for about
  a week now... I finally got verisign support to just email me a root ca cert but I
  would like to know
  what you did.. Did you just cut & paste the class 1 root ca from the repository page
  (http://www.verisign.com/repository/root.html) to a file? Where did you get OpenSSL
  and what
  did you do to convert the file to a DER? I looked at the OpenSSL site but I couldn't
  figure it out.
  Any help on this would be greatly appreciated. I can't believe how much time I have
  wasted
  looking into this...
  Kirk Everett
  Brooke wrote:
  "Brooke" <[email protected]> wrote:
  ...Lastly, I copied off of VeriSign's site an Intermediate CA
  certificate (or Server Cert Chain), and saved that as ca.pem.
  ..... And that was the whole problem. After doing more search of the resources here,
  I discovered that the Server Certificate Chain File Name needed the Root Server
  CA cert from VeriSign. The solution was to copy VeriSign's Root Server CA cert
  from their repository page, and then use OpenSSL to transform that into a .der
  file. Using this .der file as the Server Certificate Chain File did the trick.

• Error while Configuring  environment parameters

  Hi,
  I am installling Oracle Utilities Business Intelligence 2.3.2 version . I am getting error while configuring Environment Paramameters
  Database- Oracle 11g R2
  OS- Windows Server 2008
  1. Environment Description
  Environment Description: DEV01
  2. Business Application Server Configuration
  Business Server Host: 01HW342889
  WebLogic Server Name: myserver
  Business Server Application Name: SPLService
  MPL Admin Port Number: 6502
  MPL Automatic startup: false
  3. Web Application Server Configuration
  Web Server Host: 01HW342889
  Web Server Port Number: 6500
  WebLogic SSL Port Number: 6501
  Web Context Root: ouaf
  WebLogic JNDI User ID: systemjndi
  WebLogic JNDI Password: ENC(tEky0TX65m0nDNIlnX
  CcwlbnXl2b1kMnvE8DD0wfI1Y=)
  WebLogic Admin System User ID: {3DES}gg8gG+5N+gwJBPWG
  IhRRuQ==
  WebLogic Admin System Password: {3DES}gg8gG+5N+gwJBPWG
  IhRRuQ==
  WebLogic Server Name: myserver
  Web Server Application Name: SPLWeb
  Application Admin User ID: appladmin
  Application Admin Password: ENC(OrIg4HyDLxi2kQ6uSs
  cBz4cubUr2U5BbRl75SY2pP6Q=)
  Expanded Directories: false
  Application Viewer Module: true
  4. Database Configuration
  JDBC Name: oubi-jdbc
  MPL Database User ID: SPLADMV2
  MPL Database Password: ENC(mfG7quacTagw5qEvov
  oaQIRpnogRvroY4NcXp6WZCZo=)
  XAI Database User ID: SPLADMV2
  XAI Database Password: ENC(tNfRJUthvYQR990TzW
  314nXU+5jWBuYBDs5AgT5qG7g=)
  Batch Database User ID: SPLADMV2
  Batch Database Password: ENC(L5BXr/lXp/riShr9Lp
  kFDsgUIjDm5I6TJU5Suz0Wy/k=)
  JDBC Database User ID: SPLADMV2
  JDBC Database Password: {3DES}L43JfrbOrCtupkwm
  4I/Adw==
  Database Name: DEV1
  Database Server: 01HW342889
  Database Port: 1701
  ONS Server Configuration:
  Database Override Connection String:
  Oracle Client Character Set NLS_LANG: AMERICAN_AMERICA.UTF8
  5. General Configuration Options
  Batch RMI Port: 6509
  Batch Mode: CLUSTERED
  Coherence Cluster Name: OUBICLUSTER1
  Coherence Cluster Address: 172.25.138.45
  Coherence Cluster PORT: 6508
  Coherence Cluster Mode: dev
  Each item in the above list should be configured for a successful install.
  Choose option (1,2,3,4,5, <P> Process, <X> Exit): P
  --> Calculating additional variables ... done.
  --> Writing variables to E:\OUBI2\ouaf\temp\FW.V4.0.2\tmp\2011-06-10-0954\ENVIRO
  N.INI ... done.
  Can't open E:\OUBI2\ouaf\temp\FW.V4.0.2\install_FW_E:\OUBI2\ouaf\DEV01.log for o
  utput at E:\OUBI2\ouaf\temp\FW.V4.0.2\data\bin\perllib/SPL/splLog.pm line 190.
  "ERROR - Detected while running install.plx."
  Thks,
  Mohan

  This is a common error people get when configuring Repository Service in Admin Console...
  Main reason for this is that there is an incompatible bit versions of Oracle Database and Informatica Server and windows. Try to reinstall Oracle DB or Infa Server and tryconfiguring the same it will work
  Or it could be parameter issues if it is linux...
  Please mark helpful this post

• Configure SSL in J2SE Plain adapter

  I tryed to configure SSL in J2SE Plain adapter. (7.0)
  I've generated a certificate file "certif_file.cer" and
  while I put in GUIBrowserEngine Property File the following
  line:
  HTTP.SSLcertificate=F:\tech_adapter_70\certif_file.cer
  I've got the following error message:
  16:19:10 : Error(s) in GUIBrowserEngine configuration
  parameters found:
  ERROR: Certificate file 'F: ech_adapter_70certif_file.cer' not
  found, must quit!
  It seems that something wrong with my definition of full path
  to this file. But I do not find from SAP Library any solution
  about this problem.
  Could you help me?

  Hi Boris,
  Please try to give the full path using backslash '/' :
  e.g.  F:/tech_adapter_70/certif_file.cer
  I hope it will work.
            The J2SE Adapter Engine uses SSL only for communication line encryption, not for client and server authentications. Since this is a drawback with respect to security, you should use the J2EE Adapter Engine in insecure environments.
                           All configuration data for the Plain J2SE Adapter Engine is maintained in flat property files.The file for the engine administration data itself is located in the following directory:
  <installation directory>/tech_adapter/BaseConfiguration
  The file for the adapter configuration data is located in the following directory:
  <installation directory>/tech_adapter/Configuration
                     The adapters of the Plain J2SE Adapter Engine are configured locally and not in the Integration  Directory. Exchanged messages are also stored directly in the file system.
  Therefore, ensure that only the operating system user, who has started and therefore owns the adapter engine process, can read the property files and has access to the directories used for message exchange.
  *Pls: Reward points if helpful*
  Regards,
  Jyoti
  Edited by: Jyoti Acharya on Dec 19, 2007 5:05 PM

• [solved] dovecot errors after renewing SSL certificate

  System:
  OS X Server (Mountain Lion) 2.2
  Using a single SSL Certificate for all services.
  Symptom:
  Users can't log into their IMAP accounts hosted on OS X Server (Mountain Lion) after renewing SSL Certificate
  Diagnostics:
  Give you an indication whether it's this problem. Some or all may apply:
  Log shows all kinds of dovecot errors. e.g.
  dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
  config: Fatal: Error in configuration file /Library/Server/Mail/Config/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set
  dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
  /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf shows commented out lines:
  ssl_cert
  ssl_key
  ssl_ca
  Solution:
  Go to the Certificates pane of the Server App  and choose Secure Services Using: Custom
  Set IMAP and POP server certificates to to None
  Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf
  Now set Secure Services Using: <My single SSL Certificate for all services>
  Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf and you should now see all the ssl* settings as you would expect, and pointing to the correct SSL certificate  in /etc/certificates
  Hope this works for you too!

  I had something similar happen. When I do anything with SSL certificates it deletes any regular websites. Only the sites that are setup for https are listed.
  Couldn't understand why my website wasn't working and it turned out that the system had deleted it. The web server had multiple host set and I had to rebuild all the ones that had used port 80. All the ones that use 443 were fine.
  Hope this helps.

• Do i have to configure ssl on cisco unified provisioning manager for it to work. I am running BE6000 9.X

  Do i have to configure ssl on cisco unified provisioning manager for it to work

  Here is the code
  #include <userint.h>
  #include "iface.h"
  #define DAQmxErrChk(functionCall) if( DAQmxFailed(error=(functionCall)) ) goto Error; else    
  int write_onoff(uInt8 HL, const char linename[])
    int         error=0;              // error code (initialized to zero i.e. no error)
    TaskHandle  taskHandle=0;            // task ID for DAQmx
    char        errBuff[2048]={'\0'}; // error message
    // DAQmx Configure Code
    SetWaitCursor(1);
    DAQmxErrChk(DAQmxCreateTask("", &taskHandle));
    DAQmxErrChk(DAQmxCreateDOChan(taskHandle, linename, "", DAQmx_Val_ChanPerLine ));
    // DAQmx Start Code
    DAQmxErrChk(DAQmxStartTask(taskHandle));
    // DAQmx Write Code
    DAQmxErrChk(DAQmxWriteDigitalU8(taskHandle, 1, 1, 10.0, DAQmx_Val_GroupByChannel, &HL, NULL, NULL));
    Error:
      SetWaitCursor(0);
      if (DAQmxFailed(error)) DAQmxGetExtendedErrorInfo(errBuff, 2048);
      if (taskHandle!=0)
        // DAQmx Stop Code
        DAQmxStopTask(taskHandle);
        DAQmxClearTask(taskHandle);
      if (DAQmxFailed(error)) MessagePopup("DAQmx Error", errBuff);  
    return error;  
  } // end write_digital_line
  int CVICALLBACK test (int panel, int control, int event, void *callbackData, int eventData1, int eventData2)
    uInt8 onoff=0;
    if (event==EVENT_COMMIT)
      GetCtrlVal(panel, control, &onoff);
      write_onoff(onoff, "Dev1/port0/line0");
    return 0;  // return 0 to tell the system the message has been handled    

• Configuring SSL in Oracle Apps 11.5.10.2

  Hi,
  I am in the process of configuring SSL in oracle apps 11.5.10.2.
  I am a bit confused with the Note ID: 123718.1. Could you please clarify me on the below things?
  1. SSL can be implemented at three levels,
  (a) Oracle Web/Apache Server Level
  (b) Oracle Form Server Level
  (c) Oracle Database Level
  Can Implement SSL on any one or any two component levels? As per Note:123718.1, we MUST configure SSL for both the Oracle HTTP Server and Oracle Forms Level and these cannot be configured independently.
  2. As per the Note ID: 123718.1, Option 2.1. Certificate Provisioning for Oracle HTTP Server
  Point b in point 2 says to execute "$OPENSSL_TOP/bin/openssl sha1 or* > $HOME/.rnd"
  But which will be the OPENSSL_TOP?
  Please advise on these above two queries.
  Thanks in advance
  Regards,
  Sravan

  Thanks Hussien,
  I have completed SSL configuration at all level including database. Forms are not getting launched. I am getting below error in the Java Console.
  Java Plug-in 1.6.0_23
  Using JRE version 1.6.0_23-b05 Java HotSpot(TM) Client VM
  User home directory = C:\Documents and Settings\sdalav
  c: clear console window
  f: finalize objects on finalization queue
  g: garbage collect
  h: display this help message
  l: dump classloader list
  m: print memory usage
  o: trigger logging
  q: hide console
  r: reload policy configuration
  s: dump system and deployment properties
  t: dump thread list
  v: dump thread stack
  x: clear classloader cache
  0-5: set trace level to <n>
  proxyHost=null
  proxyPort=0
  connectMode=HTTPS
  Exception in thread "thread applet-oracle.forms.engine.Main-2" java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketFactory
       at oracle.forms.net.HTTPSStream.<init>(Unknown Source)
       at oracle.forms.net.HTTPConnection.connect(Unknown Source)
       at oracle.forms.engine.Runform.initConnection(Unknown Source)
       at oracle.forms.engine.Runform.startRunform(Unknown Source)
       at oracle.forms.engine.Main.createRunform(Unknown Source)
       at oracle.forms.engine.Main.start(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.lang.ClassNotFoundException: oracle.security.ssl.OracleSSLSocketFactory
       at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       ... 8 more
  Caused by: java.io.IOException: open HTTP connection failed:https://sandispa.bp.com:8443/OA_JAVA/oracle/security/ssl/OracleSSLSocketFactory.class
       at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
       at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
       at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       ... 13 more
  Thanks,
  Sravan

• NPE when configuring SSL in 9.2

  Hi all,
  I'm trying to configure SSL on WLS 9.2 mp4 but am getting a NullPointerException with no additional helpful information.
  I'm using "Custom Identity and Java Standard Trust." I think the location, type, and password of my identity keystore are correct.
  This is the output I'm getting:
  ####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: initializing SSL context for channel DefaultSecure>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: loading server SSL identity>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : starting decrypt operation>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : done with decrypt operation>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Notice> <Security> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicssl from the JKS keystore file c:\projects\ssl\keystore.>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Error> <WebLogicServer> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-000297> <Inconsistent security configuration, java.lang.NullPointerException>
  ####<Jun 7, 2011 11:02:05 AM CDT> <Error> <Server> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-002618> <An invalid attempt was made to configure a channel for unconfigured protocol "null".>
  I've turned on all the debug output I can find.
  I also wrote a little java program that reads the keystore and prints out its contents. Nothing looks wrong to me. I also tried using a known-good keystore from one of our other servers, both in my test app and in WL. Test app shows the same output for both stores with the exception of the things I expect to be different, like DN. WL also fails with the same error.
  Any idea what the problem is or how to debug this further?
  thanks

  Thanks for the response.
  That is the correct name. I should probably change it to keystore.jks but I was following the example of the common trust store named cacerts.
  SSL is enabled with port 7002.
  JVM versions are the same.
  Keytool works fine with it. It shows 1 cert, which is what I expect. The alias is correct. I know the keystore password but I don't know the private key password. I might try generating a new pw and make sure to set and remember a pw on the key itself.
  thanks

• Unable to configure SSL certificate on Apex

  I am trying to configure ssl certificate in one apex application.
  http://docs.tpu.ru/docs/oracle/en/oas/10.1.2.0.0/web.1012/b14007/ssl.htm#i1031859
  as per the above document first step is create a wallet with SSL certificate information.
  While creating wallet i am trying to import the CA certificate and User Certificate.
  But i am not able to import the certificates properly. I am getting error messages.
  Error Message :
  User certificate installation failed
  Possible Errors;
  -- Input was not a valid certificate.
  -- No matching certificate was found
  -- CA certificate is needed for certificate chain not found please install it first.
  What could be the reason for this. and solution for this problem ?

  Yes I am using OWM ( Oracle Wallet Manager)
  First I have created a new wallet and then i did create service request.
  Then Import user certificate and import CA certitificates are enabled.
  Then tried to import the certificates above mentioned errors are coming.....
  Yes first i imported the CA certificate then i imported the user certificate using the wallet manager. I used the copy - paste certificate method while importing.
  Any how if do import user certificate first it will show an error saying install ca certificate first.
  Message was edited by:
  Santhosh Kumar T

• Configuring SSL for Real-Time Collaboration

  Hi,
  We installed OCS10gR1 because we want to use Real-Time collaboration for delivering support. At this moment we are trying to configure SSL. We already worked through the following guides :
  - Real-time collaboration admin guide
  - OCS admin guide
  - OCS Security guide
  - OPMN admin guide
  but it's still very fuzzy. It's hard to get a clear overview about the steps to follow to get SSL working for RTC. Is there some kind of "cookbook" or simple guide which describes all the steps in a clear way.
  Thank you

  Hi,
  I ran the SSLconfigTool.sh script on the Infrastructure with success but the midtierSSLConfigTool.sh script didn't come to an end. Probably, I ran the script with the wrong options. I used the following options :
  <oid hostname> gary.woerden.centric (hostname on which ocs resides)
  <oid port> 389 (default)
  <oid admin dn> I filled in orcladmin, but maybe dn=woerden,dn=centric would be better ???
  <http server SSL port> 8250 (from portlist.ini)
  <https> internet_appserver_registry (I really didn't know what value this must be)
  <hostname of the computer> gary.woerden.centric
  <True | False> False
  The output of the script midtierSSLConfigTool.sh with the options mentioned above:
  Modifying Collaboration Suite service registry
  Exception in thread "main" javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
  at oracle.ldap.util.jndi.ConnectionUtil.returnInitialLdapContext(ConnectionUtil.java:492)
  at oracle.ldap.util.jndi.ConnectionUtil.getDefaultDirCtx(ConnectionUtil.java:135)
  at oracle.ldap.util.jndi.ConnectionUtil.getDefaultDirCtx(ConnectionUtil.java:157)
  at URLUpdate.main(URLUpdate.java:32)
  Done. Please go to /opt/oracle/product/10.1.1/ocs/apps/imeeting/logs/rtcctl directory to check the log file.
  Starting the SSL Configuration Tool...
  Log file recording the current execution is '/home/oracle/SSLConfigTool_20051104_091126.log'.
  Below is the command line you have entered:
  SSLConfigTool -config_w_default -opwd ******** -ptl_dad portal -ptl_inv_pwd ********
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/bin/ldapbind -h gary.woerden.centric -p 636 -U 1
  Querying password for Portal from OID.
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/bin/ldapsearch -h gary.woerden.centric -p 636 -D cn=orcladmin -w ******** -U 1 -b "OrclResourceName=Portal,orclReferenceName=ocs.woerden.centric,cn=IAS Infrastructure Databases,cn=IAS,cn=Products,cn=OracleContext" -s sub "objectclass=*" orclpasswordattribute
  Exit code: 0
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/dcm/bin/dcmctl updateConfig
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/opmn/bin/opmnctl stopproc ias-component=dcm-daemon
  Configuring HTTPS for your ORACLE_HOME at:
  /opt/oracle/product/10.1.1/ocs/apps
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/opmn/conf/opmn.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/opmn/conf/opmn.xml.orig_SSLConfigTool'.
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/Apache/Apache/conf/ssl.conf' to file '/opt/oracle/product/10.1.1/ocs/apps/Apache/Apache/conf/ssl.conf.orig_SSLConfigTool'.
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/webcache/webcache.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/webcache/webcache.xml.orig_SSLConfigTool'.
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/webcache/webcache.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/webcache/webcache.xml.tmp'.
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/sso/bin/ssoreg.sh -oracle_home_path /opt/oracle/product/10.1.1/ocs/apps -site_name SSLConfigTool_ssl_ocsapps.gary.woerden.centric -config_mod_osso TRUE -mod_osso_url https://gary.woerden.centric:8250 -u root
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml.orig_SSLConfigTool'.
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/portal/conf/iasconfig.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/portal/conf/iasconfig.xml.orig_SSLConfigTool'.
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/portal/conf/ptlconfig -encrypt
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/portal/conf/ptlconfig -dad portal -pw ********
  Backing up file '/opt/oracle/product/10.1.1/ocs/apps/sysman/emd/targets.xml' to file '/opt/oracle/product/10.1.1/ocs/apps/sysman/emd/targets.xml.orig_SSLConfigTool'.
  Executing command:
  /opt/oracle/product/10.1.1/ocs/apps/dcm/bin/dcmctl updateConfig
  This last command didn't come to an end.
  Can you tell me what options are wrong and can I run the script again or should I first backup the backupped files ?
  Thanx in advance!

• Configuring SSL/SSF on MiniWAS

  Has anyone successfully configured SSL/SSF on the MiniWAS system?  I have downloaded both the SAP security and cryptographic libraries and placed the files in my root directory. In transaction STRUST my system PSE is in a red status, when I try to view the certuficate is prompts for a password but I have no idea what this is. If I recreate the PSE I get the same issue.
  Thanks,
  Pete

  Hi Craig,
  did you succeed on activating SSF? I tried the whole weekend to establish a correct installation of the SSF (SAPSYS.pse). In transaction strust there is always an error(error during test signature), and the system ist asking for a password?
  SM21: SSF_KRN_SIGN_BY_AS: Function Returned 5    
  1) I searched a lot of notes
  2) downloaded the newest secu-libs, installed them
  3) Recreated the .pse, deleted it, ...
  4) tried to import a manual generated SAPSYS.pse (sapsecin, also sapgenpse (try - crypto - not necessary)
  5) searched all dev_* o.k. SSF ist correcty initialized
  6) tried to set the W2K environment variables USER/SECUDIR
  I patched my SAPDB to 7.3.0.54, my kernel is 1609, Service Packs SAPKB62046, SAPKA62046.
  PS: What i really want to do is to connect to a Content Server 6.30 (signed http request)
  Regards,
  Christian

• Error reading configuration file

  I've setup the Adobe Access 4.0 trial license server and when I run the Validator.bat with -g -r on the Tomcat install dir \licenseserver I get an 'Error reading configuration file' message. Here is the log dump:
  [] 2012-12-20 22:46:32,176 INFO  [[Partition(flashaccessserver)].com.adobe.flashaccess.server.license.context.SimpleContex tFactory] Creating class loader for partition 'flashaccessserver' with libraries '[file:/c:/Tomcat6/licenseserver/flashaccessserver/libs/, file:/c:/Tomcat6/licenseserver/flashaccessserver/libs/flashaccess-license-server-ext-samp le.jar]'
  [] 2012-12-20 22:46:32,582 ERROR [[Partition(flashaccessserver)].com.adobe.flashaccess.server.license.tools.Validator] Failed to validate tenant deployment 'flashaccessserver/sampletenant'
  com.adobe.flashaccess.server.common.configuration.ConfigurationException: Error reading configuration file
            at com.adobe.flashaccess.server.license.configuration.commonsadapter.Constants.parseTenantCo nfigurationStream(Constants.java:139)
            at com.adobe.flashaccess.server.license.configuration.commonsadapter.TenantConfigurationImpl .<init>(TenantConfigurationImpl.java:110)
            at com.adobe.flashaccess.server.license.configuration.commonsadapter.CommonsConfigurationBas edFactory.getTenantConfiguration(CommonsConfigurationBasedFactory.java:90)
            at com.adobe.flashaccess.server.license.tools.Validator.validateTenantDeployment(Validator.j ava:255)
            at com.adobe.flashaccess.server.license.tools.Validator.validatePartitionDeployment(Validato r.java:283)
            at com.adobe.flashaccess.server.license.tools.Validator.validateGlobalDeployment(Validator.j ava:301)
            at com.adobe.flashaccess.server.license.tools.Validator.process(Validator.java:173)
            at com.adobe.flashaccess.server.license.tools.Validator.main(Validator.java:117)
  Caused by: org.apache.commons.configuration.ConfigurationException: Unable to load the configuration
            at org.apache.commons.configuration.XMLConfiguration.load(XMLConfiguration.java:863)
            at org.apache.commons.configuration.XMLConfiguration.load(XMLConfiguration.java:821)
            at com.adobe.flashaccess.server.license.configuration.commonsadapter.Constants.parseTenantCo nfigurationStream(Constants.java:134)
            ... 7 more
  Caused by: org.xml.sax.SAXParseException; lineNumber: 121; columnNumber: 16; cvc-complex-type.2.4.b: The content of element 'KeyServer' is not complete. One of '{"http://licenseserver.flashaccess.adobe.com/tenant":File}' is expected.
            at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(Unkno wn Source)
            at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportErro r(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.elementLocallyValidComplexT ype(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.elementLocallyValidType(Unk nown Source)
            at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.processElementContent(Unkno wn Source)
            at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleEndElement(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.endElement(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unk nown Source)
            at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDri ver.next(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(Unknown Source)
            at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unkno wn Source)
            at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
            at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
            at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
            at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown Source)
            at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown Source)
            at org.apache.commons.configuration.XMLConfiguration.load(XMLConfiguration.java:855)
            ... 9 more
  I'm using a relative path to my .pfx file for both the transportServerCredential and licenseServerCredential in the flashaccess-tenant.xml and my password has been scrambled using the Scrambler.bat.
  Also, when I verify setup using http://<LicenseServer>:8080/flashaccessserver/flashaccess/license/v2 I get the message 'License server is setup correctly.'
  Any ideas of why the Validator.bat can't read the configuration file?

  I agree with you that if I can successfully playback content the license serve is setup successfully. Here is what I've tried and how I've set things up:
  I have my license server setup (its the Protected Streaming version).
  I'm using Adobe Media Server as my content/packaging server. I successfully served Vanilla PHLS sample streams to the sample Adobe Access player on iOS devices.
  I have configured the Adobe Media Server to point to the license server and certificates as per the documenation and this Adobe Dev article (http://www.adobe.com/devnet/adobe-media-server/articles/content-protection-using-phds-phls .html). Since I am using a trial version of Adobe Access my .der files are the same for transport and packaging.
  I am using the local key mode to remove one more variable (I have setup a remote key server as well).
  I have placed a copy of the 'vod-policy.pol' policy file from the reference license server resources directory in my Adobe Media Server 'creds' directory and used the relative path '..creds/vod-policy.pol' in the httpd.conf file.
  When I attempt to load the sample stream http://<mymediaserver>/hls-vod/sample2_1000kbps.f4v.m3u8 using the Adobe Access sample player on my iOS device I receive the following errors in the player:
  DRM error Major[3363] minor:[0] NSError:(null)]
  From my knowledge of working with the Adobe Access Objective C library to create a PhoneGap plugin it appears that a decrypted playlist is not being returned by the Adobe Media Server. Additionally, I can find no information in the Adobe Media Server or Adobe Access logs that pertain to my setup.
  I would love to have someone from Adobe speak to the problems I am having. I find the documentation to be hit and miss and most of my successful results during this proofing process have been from piecing together disparate pieces of information and trial and error. Information on using the Adobe Media Server with Adobe Access is limited to one Devnet article (above) and the help in Adobe Media Server that doesn't explain pathing to the license server or Java policy files in any detail.
  Colour me frustrated