How do I add a trusted certificate to my server?

Hi,
I'm running WebLogic 9.2.2 on Solaris 9. I have two WL instances -- rhonti2 and rhonti. I am trying to make an HTTPS connection from rhonti2 to rhonti, but getting the error you see below. How do I make one machine trust the other? Thanks, - Dave
javax.xml.rpc.ServiceException: Failed to parse WSDL https://rhonti:4040/NPSEnumWebService/1.0/service?WSDL weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from rhonti - 147.191.71.90 was not trusted causing SSL handshake failure.
at weblogic.wsee.jaxrpc.ServiceImpl.throwServiceException(ServiceImpl.java:163)
at weblogic.wsee.jaxrpc.ServiceImpl.loadWsdlDefinition(ServiceImpl.java:446)
at weblogic.wsee.jaxrpc.ServiceImpl.<init>(ServiceImpl.java:108)
at npsenum.client.delegate.NPSEnumWebService_Impl.<init>(NPSEnumWebService_Impl.java:21)
at npsenum.client.delegate.NPSEnumWebService_Impl.<init>(NPSEnumWebService_Impl.java:17)
at npsenum.client.delegate.NPSEnumClientDelegate.getEnumService(NPSEnumClientDelegate.java:93)
at npsenum.client.delegate.NPSEnumClientDelegate.deleteEnumTNRoutingRecord(NPSEnumClientDelegate.java:160)
at com.comcast.safariview.cedarpoint.providers.CPProvider.deleteEnumTNRoutingRecord(CPProvider.java:597)
at com.comcast.safariview.cedarpoint.providers.CPProvider.deleteSubscriber(CPProvider.java:430)
at com.comcast.safariview.cedarpoint.ejb.sb.CPQueryBean.deleteSubscriber(CPQueryBean.java:135)
at com.comcast.safariview.cedarpoint.ejb.sb.CPQueryBean_c1mfhc_EOImpl.deleteSubscriber(CPQueryBean_c1mfhc_EOImpl.java:1007)
at com.comcast.safariview.cedarpoint.ejb.sb.CPQueryBean_c1mfhc_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:550)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:224)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:440)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:436)
at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:58)
at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:975)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
Caused by: weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from rhonti - 147.191.71.90 was not trusted causing SSL handshake failure.
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:313)
at weblogic.wsee.wsdl.WsdlDefinitions.parse(WsdlDefinitions.java:362)
at weblogic.wsee.wsdl.WsdlFactory.parse(WsdlFactory.java:50)
at weblogic.wsee.jaxrpc.ServiceImpl.loadWsdlDefinition(ServiceImpl.java:437)
... 20 more
Caused by: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from rhonti - 147.191.71.90 was not trusted causing SSL handshake failure.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:153)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:367)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:149)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:59)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
... 23 more

Well, I've taken a look at your screenshot and it seems you're mixing up the places where the configuration has to be done.
The stuff you added is taken into account only if you start your server with the NodeManager (which is probably not the case since there is some information missing).
Then your conf has to be done in the start script.
Or, you can leave your scripts untouched and play with keystores. It's not hard, but you had better know what you're doing if you don't want to mess with your server.
I wrote an article which gives the basics on keystores: http://m-button.blogspot.com/2008/11/how-to-configure-weblogic-to-use-ssl.html
Take a look at it as well.
Last solution, which could be a good one if you're in development: you may turn off the security check that seems to get on your nerves.
To do so, go to each server and disable the hostname verifier:
http://edocs.bea.com/wls/docs100/ConsoleHelp/taskhelp/security/DisableHostNameVerification.html
Tell me if you need more help.
(I may be a lil slow to answer since I'm pretty busy these days ... but I'll do my best)
Regards.
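
The keystore route mentioned in the reply above, as an added example that is not part of the original thread: error 090477 reports that the chain presented by rhonti is not trusted, so the sketch builds a trust keystore for rhonti2 and imports rhonti's certificate only after its fingerprint matches a value obtained out of band. The self-signed certificate, file names, alias and password are constructed placeholders, and the helper function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: give rhonti2 a trust keystore that contains rhonti's certificate.
# Constructed stand-ins: a throwaway self-signed key plays rhonti's identity, and
# every file name, alias and password below is a placeholder.
# keytool from JDK 6+ is assumed; JDK 5 spells the commands -genkey/-export/-import.
set -eu

# [constructed] Create a self-signed identity for "rhonti" and export its
# certificate as PEM, the file an admin would copy over to rhonti2.
make_constructed_cert() {   # $1 = working directory
    keytool -genkeypair -alias rhonti -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=rhonti" -storetype JKS -keystore "$1/rhonti-identity.jks" \
        -storepass changeit -keypass changeit
    keytool -exportcert -rfc -alias rhonti -keystore "$1/rhonti-identity.jks" \
        -storepass changeit -file "$1/rhonti.pem"
}

# SHA-256 fingerprint of a certificate file, e.g. "SHA256:AB:CD:...".
cert_fingerprint() {        # $1 = certificate file
    keytool -printcert -file "$1" | grep 'SHA256:' | head -n 1 | tr -d ' \t'
}

# SHA-256 fingerprint of one keystore entry.
entry_fingerprint() {       # $1 = keystore, $2 = store password, $3 = alias
    keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" \
        | grep 'SHA256:' | head -n 1 | tr -d ' \t'
}

# Import a certificate as a trusted entry only if its fingerprint equals the
# one obtained out of band (read off rhonti itself, not taken from the wire).
import_pinned() {  # $1 = cert, $2 = expected fp, $3 = keystore, $4 = pass, $5 = alias
    fp_actual=$(cert_fingerprint "$1")
    if [ -z "$fp_actual" ] || [ "$fp_actual" != "$2" ]; then
        echo "refusing import of $1: fingerprint '$fp_actual' does not match" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$5" -file "$1" \
        -storetype JKS -keystore "$3" -storepass "$4"
}

demo() {
    demo_dir=$(mktemp -d)
    make_constructed_cert "$demo_dir"
    # On a real system this value is read on rhonti and compared by a human.
    fp_expected=$(cert_fingerprint "$demo_dir/rhonti.pem")
    import_pinned "$demo_dir/rhonti.pem" "$fp_expected" \
        "$demo_dir/rhonti2-trust.jks" changeit rhonti
    echo "trusted entry: $(entry_fingerprint "$demo_dir/rhonti2-trust.jks" changeit rhonti)"
    rm -rf "$demo_dir"
}

# Run the demo only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "demo" ]; then demo; fi
```

Once the entry is in place, rhonti2 still has to be configured to use this file as its trust keystore; that step depends on the WebLogic domain and is not shown here.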

Similar Messages

  • How do you add a gift certificate to your account?

    How do you add a gift certificate to your account?
    AJBG

    I think it's the same process as adding an iTunes card: just go to redeem and type in the code.

  • How can I add a new certificate to be used with SFTP

    Hi,
    I wanted to know how to add a new certificate (from MS server) so it can be used by sftp. I tried certtool, but got error messages. It's a DSA cert, and I need to secure ftp to this site.
    Thanks in advance

    Hi Bob,
    > Certs, keys same difference;
       Do you regularly state your own misconceptions as if they are fact? Your lack of precision and detail make even correcting those misconceptions problematic but I'll assume that you're referring to X.509 certificates and try. X.509 certificates contain keys but they are hardly the same thing. Most important, the X.509 specification implies a mechanism of distribution and usage entirely different from the manner in which OpenSSH handles keys internally.
       The SSH applications of SSH Communications, Inc. have X.509 certificate support built in but I don't know if they have a client for Mac OS X. Roumen Petrov has written patches for OpenSSH that are purported to allow it to use X.509 certificates. A thread on comp.security.ssh contains a link to the source code of a utility for extracting keys from X.509 certificates and reformatting them for use with OpenSSH.
       Using the correct terminology is not only conducive to fruitful communication, it helps in using Google to search for relevant reference material. Hopefully being armed with the correct terminology will help you find the information to accomplish whatever it is you're trying to do.
    Gary
    ~~~~
       Marvelous! The super-user's going to boot me!
       What a finely tuned response to the situation!

  • How do I add a trusted connection one time in firefox?

    I have a user who is trying to access my department's external site. The pages that she is trying to access pull data from a different domain (one in our DMZ) than the external host domain. This DMZ domain is a trusted domain and pulling data from this domain has worked well for years on multiple browsers without incident. Now for every other page that hits this internal DMZ server the user is getting "This connection is not trusted" and has to go through the manual exception dance to see her data. We host hundreds of pages and having to do this for each one is going to drive people to grab another browser quickly. I got this user working on Chrome without a problem and have tested it in IE without problem.
    I have recreated the cert8.db file in her profile and run into the same problem after reboot.
    How do I add a trusted connection for this domain one time?

    This should add the permanent exception:
    Connection Untrusted Error Message: Bypassing the Warning (https://support.mozilla.org/en-US/kb/connection-untrusted-error-message#w_bypassing-the-warning)
    However if it is not staying until the next time that the user opens up Firefox, is it possible that they are in permanent private browsing? "Private Browsing - Browse the web without saving information about the sites you visit" - that should have instructions to get in and out of it.

  • How can I add a trusted application to my Verizon Fios Firewall?

    How can I add a trusted application to my Verizon Fios Firewall? I access these settings via browser at  192.168.1.1

    I'm having dropped connection problems while using VyprVPN. My Usenet tech support said,
    "For good measure, it may be a wise idea to set VyprVPN itself as a trusted application in your firewall/antivirus programs, or temporarily disable those programs to see if the issue persists. It could be that one of those programs is closing the port after a certain amount of time. If you are behind a router, bypassing it and connecting straight to your modem may rule out timing-related port issues there as well."
    I was able to work with my A/V program, but can't figure out how to set it as trusted/port forward on the router/firewall.

  • How should I add an automated procedure to my server

    Hi,
    I have Mac OS X Server 10.3.9 running on a eMac.
    I wondered how I could add an automated procedure to my server. I'll explain.
    I have a dyn IP provider (no-ip.com) who accepts IP updates via http GET request with a URL like this : http://dynupdate.no-ip.com/dns?username=[email protected]&password=mytestpassword&hostname=mytest.testdomain.com
    Is there a way to get this line executed every 5 minutes with the server ?
    Sorry for my bad english but regards to those who are able to answer
    eMac   Mac OS X (10.3.9)   Server

    I succeeded with the curl method
    applause ;o)
    Now I'm working with crontab and I try to understand it
    The system crontab is /etc/crontab. Edit it with the command line editor of your choice. If you happen not to know one, the simplest one IMO is pico.
    Try it out with pico testfile.
    For the crontab syntax see my first post. You have to add a line like:
    0 0 * * * philippe curl "http://..../"
    This would start curl once a day at midnight.
    Thanks for the help very useful
    Points, points, points.... ;o)
    -Ralph

  • How do you know if trust certificate error about imap.aol server is the result of an imposter or the "real" aol imap server?

    I keep receiving a trust certificate error about imap.aol server. Says it may be the result of an imposter or the "real" aol imap server?  How do you determine if the trust certificate is for an imposter?

    Please post a direct link to the page you're having trouble with.

  • How do I add a trusted site?

    I need to know how to add a trusted site on my Firefox for Android phone.

    I have a secure site that requires specific settings. It wants me to allow ActiveX and add it to my trusted sites.
    This is a site that I use for work. Normally I use IE at the office but I have been told that it should work with firefox as well.

  • Safari & Citrix: How to undo "Do Not Trust" Certificate after clicking

    I mistakenly clicked "Do Not Trust Certificate" in the Safari pop-up Certificate Verification window (instead of "Trust") while trying to download GoToMeeting software to join a Citrix online meeting. Now I am unable to download the GoToMeeting program. How do I change this so that Safari will accept and "Trust" the certificate?

    Thank you for your quick response and for the link. I just had a quick question about exporting a certificate: Is that equivalent to deleting it so that Safari won't remember whether or not to "Trust" or "Do Not Trust" it? I am assuming this means that I would need the name of the certificate as well. What happens if I delete my certificates saved in my keychains?
    I did not get a chance to follow it because that day I ended up accessing the online meeting through Firefox. Saturday, I had another online Citrix www2.gotomeeting.com meeting so I tried using Safari again just to see what would happen. Safari didn't seem to recognize that I had selected "Do Not Trust" 4 days before and instead prompted me with the option to "Trust". I am just wondering how that happens because I didn't change anything in the keychain.

  • How do I add an objectclass to existing LDAP server entry using an ldif file?

    I am trying to fix an LDAP server that has been operating with schema check off. I need to add an objectclass to the groups so that some attributes that have been added to the groups will be "legal." From the documentation, the changetype: modify will allow the changing/adding of attributes that are already a part of the schema objects that define the entry. It does not look like I can add an objectclass with the modify operation.
    If this is the case, then how do I add an objectclass to an existing entry? Using the GUI is not possible since the directory server in question is not being managed with an admin server. Please tell me that I do not have to delete the groups and import them again with an LDIF file that has the new objectclass added.
    Kent

    See this post:
    http://softwareforum.sun.com/servlet/ProcessRequest?RHIVEID=181&RPAGEID=135&HOID=50B500000008000000636B0000&USEARCHCONTEXT_CATEGORY_0=_21_%24_7_&USEARCHCONTEXT_CATEGORY_S=0&UCATEGORY_0=_21_%24_7_&UCATEGORY_S=0

  • URG !!!!!!! How do I add the context information to my server.xml of Tomcat

    Hi,
    I want to add the context information to my server.xml of Tomcat for my Hibernate configuration.....
    The context information is as follows ....
    <Context path="/quickstart" docBase="quickstart">
    <Resource name="jdbc/quickstart" scope="Shareable" type="javax.sql.DataSource"/>
    <ResourceParams name="jdbc/quickstart">
    <parameter>
    <name>factory</name>
    <value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
    </parameter>
    <!-- DBCP database connection settings -->
    <parameter>
    <name>url</name>
    <value>jdbc:postgresql://localhost/quickstart</value>
    </parameter>
    <parameter>
    <name>driverClassName</name><value>org.postgresql.Driver</value>
    </parameter>
    <parameter>
    <name>username</name>
    <value>quickstart</value>
    </parameter>
    <parameter>
    <name>password</name>
    <value>secret</value>
    </parameter>
    <!-- DBCP connection pooling options -->
    <parameter>
    <name>maxWait</name>
    <value>3000</value>
    </parameter>
    <parameter>
    <name>maxIdle</name>
    <value>100</value>
    </parameter>
    <parameter>
    <name>maxActive</name>
    <value>10</value>
    </parameter>
    </ResourceParams>
    </Context>
    Where in my server.xml should I put

    I don't think you should have to edit the server.xml
    at all. your app can have its own context.xml that
    obviates the need for editing server.xml
    I did try that in many permutations. For some reason, the server.xml worked for me in 5.5 but not the context.xml. (Granted, it was late on Friday and I might have missed a step). :^)
    - Saish

  • How do I add a trusted site to Firefox? Is there a list someplace that I can update? This is not a Java issue (ie. being able to run Java on a trusted site)

    I'm working at another company's site on their secure network. They use Microsoft's ShareCenter as a collaborative work environment and have told me I need to add their domain names (....company.com) to my list of trusted sites in Firefox in order to open the pages for their work environment.

    Hello live2ski, "trusted sites" is a concept of Internet Explorer that doesn't exist in Firefox in this form, so I'm unsure what their instructions would be referring to.
    You can edit certain permissions of a particular domain while you're on that page: right click on a blank spot and go to "view page info > permissions"...

  • How can I add a trusted site in Safari to access our secure Sharepoint site from the internet?

    My company has a secure sharepoint site that we access from the internet that requires our Active Directory logon. The Safari on the iPad does not allow you to add the URL as a trusted site and thus it prompts you for your username and password multiple times when navigating to various content.  The solution for full blown browsers is to just add the URL as a trusted site in your browser security settings.  Is there a work around for this or will Apple perhaps add this capability to add trusted sites to the mobile version of Safari?

    Non-Windows browsers do not have a concept of a "trusted" site. In Windows, IE and Chrome do not repeatedly prompt for credentials because they use the user's login credentials on the desktop. Other devices do not have this capability. Instead,
    you need to use something like ADFS to authenticate users.
    Trevor Seward
    Follow or contact me at...
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • HT1679 How do you add a PKI certificate to "My Certificates?"

    I read the Apple KB article about getting certain individual certificate-requiring websites connected with PKI certificates, but it assumes the necessary certificates are already visible in the "My Certificates" category of the Keychain Access app.  What if I have a certificate from my work computer that shows up in the "Certificates" category but not the "My Certificates" category?  Is there any way to get them transferred into the "My Certificates" category so that Safari will recognize them?
    Brian Green

    I think it's the same process as adding an iTunes card: just go to redeem and type in the code.

  • How Can I Add mod_ssl to Built In Apache Server?

    Hi,
    I would like to add mod_ssl as a DSO module to the Apache web server that comes with Solaris 9. However I have been unable to find any decent instructions on how to do so. Any help would be appreciated. I have included below a post I have made to a newsgroup which summarises what I have tried so far.
    ---Newsgroup Post---
    I have been following the instructions for adding mod_ssl to the integrated httpd server in Solaris that was posted here last year (a copy is included below). I am attempting to install mod_ssl onto a Solaris 9 system and I am using the relevant version of mod_ssl. It is my preference to do it this way, retaining the included version of httpd, rather than to install the web server from another source.
    Anyway, after following the instructions below I have attempted to launch the httpd server and receive the following error message:
    Syntax error on line 252 of /etc/apache/httpd.conf:
    Cannot load /usr/apache/libexec/libssl.so into server: ld.so.1: /usr/apache/bin/httpd: fatal: relocation error: file /usr/apache/libexec/libssl.so: symbol __umoddi3: referenced symbol not found
    ./apachectl start: httpd could not be started
    Can anyone tell me how I might resolve this problem?
    Regards,
    Bernard Lineham
    ---Previous Message---
    Well, first of all, why are you using the Sun Freeware apache? Solaris 8
    ships with apache as well, and if you're up-to-date with your patches,
    you will have 1.3.26 and Sun will take care of backporting any security
    issues.
    Here is my procedure for adding SSL support to the Sun Apache:
    1. Make sure you have the SUNWapchr and SUNWapchu packages installed.
    2. Make sure you have the latest Apache patch from Sun installed. For
    Solaris 8, that would be patch number 109234 (get the highest revision).
    3. You need to have OpenSSL installed.
    4. Now unpack the modssl-distribution (you will need the one that goes
    with your apache-version, in this case 2.8.9)
    5. ./configure --with-apxs=/usr/apache/bin/apxs --with-ssl=SYSTEM
    6. You should patch line 23 of pkg.sslmod/Makefile to read:
    SSL_LDFLAGS=-L$(SSL_LIBDIR) -R$(SSL_LIBDIR)
    This ensures that your modssl will be able to find openssl later on.
    7. make
    You could now take the file pkg.sslmod/libssl.so and dump it in
    /usr/apache/libexec, then add the appropriate statements to your
    httpd.conf. But for extra bonus points, we're going to make a package
    instead.
    Create a file called 'prototype' in the mod-ssl directory, with these
    contents:
    f none /usr/apache/libexec/libssl.so=pkg.sslmod/libssl.so 755 root other
    i ./pkginfo
    Create a file called 'pkginfo' in the mod-ssl directory with these contents:
    PKG=Apmodssl
    NAME=Apache modssl
    ARCH=sparc
    VERSION=2.8.9
    CATEGORY=system
    VENDOR=none
    [email protected]
    CLASSES=none
    (you might want to change the 'email' setting)
    Now run 'pkgmk -o' and you will find your new package in /var/spool/pkg.
    To install (only now do we need root permissions):
    pkgadd Apmodssl
    If you were to install mod-ssl the 'regular' way (recompiling all of
    apache etc) it would modify the httpd.conf for you, quite extensively.
    This procedure (on purpose) does not modify the httpd.conf at all.
    Some of the changes you will need to activate your modssl are:
    Add a 'LoadModule ssl_module libexec/libssl.so'
    If your httpd.conf has a ClearModule statement, and then a bunch of
    AddModule statements, do as the Romans do and add:
    'AddModule mod_ssl.c'
    Add to the type-specifications:
    'AddType application/x-x509-ca-cert .crt'
    'AddType application/x-pkcs7-crl .crl'
    'Listen 80 443'
    And a -lot- of SSL specific statements that is a bit much to reproduce
    here. Mail me if you get this far. Or run a diff between a pristine
    httpd.conf and one mangled by modssl.
    Now this all works because Sun explicitly compiled their Apache to work
    this way. If you want to know all the flags they used, install the Sun
    package SUNWapchS (and reinstall the Apache patch so your sources are up
    to date, too). Then look in /usr/src/apache/README.sfw which tells how
    they compiled their apache. The procedure above might just as well work
    for the SunFreeware version, -if- they compiled with EAPI and
    --enable-shared.
    Hope this helps a bit.
    Regards, Paul Boven.

    The version of Apache that comes default with Solaris might not be compiled for that; I am not positive, though. I downloaded and compiled Apache 2 and compiled mod_ssl and got it working with no problems; you might want to try that.
