IHat : connecting to an SSL-enabled opmn notifcation server

Similar Messages

• What should be done in certmap.conf for 2-way SSL support from a standalone Java application to an SSL enabled LDAP Server

  To support certficate based client authentication using 2-way SSL from a standalone java application which uses JNDI and JSSE1.0.2 to connect to an SSL enabled LDAP Server how do we configure the certmap.conf?Is there any additional setup required at the LDAP Server side apart from enablinf SSL with the option"Required Client Authentication" enabled.The 2 way SSL handshake goes through but the access log file (After configuring the certmap.conf for the issuer DN of the client certficate etc..)shows SSL failed to LDAP DN?But inspite of this access log error the Java client does get an SSL Connection object with which it is able to connect to the LDAP.IS the certmap.conf file being looked up by the LDAP Server at all?

  have you out.flush() and out.close() before you call connection.getInputStream()?

• Problems in accessing an SSL enabled site through Weblogic 6.1

  Hi,
  We want to connect to an SSL enabled site (https://test.SalesForce.com) through Weblogic 6.1. We are using JDK1.3.1_08 and Apache axis.
  We have followed the appropriate steps explained in the URL -
  http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html
  As mentioned in the above link, we made the configurations in JDK 1.3.1_08 to put the jsse.jar and other important JARs in jre\lib\ext folder and also updated the java security file to add the proper "Provider".
  After that we tried to execute the test application to connect to an SSL site specified in it. It is a stand alone Java application and connects to the site and reads the bytes of the home page and displays them on the console.
  When we tried to connect the SalesForce test site, we figured out that we were able to connect to the site and were able to read entire stream of bytes.
  Then we copied the same code in a sample JSP, set the JDK1.3.1_06 as the JAVA_HOME for Weblogic6.1 and tried to connect to our test site through that JSP.
  We observed that it is connecting to the site but reading just a few initial bytes and not the entire stream.
  When we tried the same steps with Weblogic8.1 and JDK1.4.2_X, it works fine and reads the entire page with Weblogic8.1 as client.
  So, we observed that the standalone application works fine with JDK1.3.1_08, it also works fine on the the Weblogic 8.1 and JDK1.4.2_x combination, but when we use Weblogic6.1 and JDK1.3.1_08, it does not work properly.
  Is there any setup issue in Weblogic 6.1 regarding connecting to a SSL enabled site?
  Our actual problem scenario is a bit different than this, but we are sure that it is related to this situation and a solution to this problem can resolve the actual problem.
  Another question we have is do we need to configure SSL in Weblogic 6.1 and also care for installing certificates evenif Weblogic 6.1 in this case is a mere client?
  We have tried to connect to the same site using Weblogic 8.1 and JDK1.4.2_X. We did not require any kind of certicates in that case. Hence I want to clear my doubt.
  Please help.

  Hello,
  Just wondering if you ever found a solution to this problem. We are suffering just about the exact same issue, where our environment with WebLogic 6.1 SP4 cannot access an SSL enabled site, but our WebLogic 8.1 SP2 upgrade environment can. The only difference we've been able to pinpoint is that our 6.1 server connects via TLS1.0 (SSL3.1) and our 8.1 server connects via SSLv3 (SSL3.0). Does anyone know how to control which version of SSL WebLogic 6.1 uses?

• Can port 25 be used for SSL-enable SMTP server ?

  Hi,
  Our customer is using port 25 for a SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception thrown:
  DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
  1) with port 25, got the same exception as above;
  2) with port 465, worked fine;
  3) with any other randomly pick up valid port, worked fine.
  This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
  Your help will be appreciated.

  Yes, port 25 is intended for non-SSL servers only, although that doesn't
  prevent a client from making a plain text connection and then using the
  STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
  supports that usage.
  You can configure JavaMail to use port 25 for SSL connections if you
  really want to. JavaMail 1.3.x requires you configure an appropriate
  socket factory to get SSL connections; you can configure whatever port
  you want for use with that socket factory.

• Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled

  Hi
  We are performing LDAPSync for OIM AD real time sync.We have done all configuration as per oracle documentation on LDAPSync for OIM 11gR2 : http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version OIM 11gR2 PS1 (11.1.2.1.0).
  WE have performed LDAPSync enablement on postinstallation of OIM .So we dont have OVD , we have configured libOVD as mentioned in this doc.
  We have performed following  steps mentioned in this document  in our OIM environment.
  3.1 Enabling Post installation LDAP Synchronization
  3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
  As attribute like password  might be not getting updated in AD from OIM , we have configured SSL enabled integration in LDAP sync as mentioned in above document.
  We implemented this step  3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
  but here it is not properly mentioned that about how to import public key certificate of AD into OIM envirioment for SSL.
  We are getting following error message in logs : Looking at logs it looks like the import of AD SSL certificate did not happen properly in OIM environment. But ,we have imported it using keytool and OVD keystore ...please let us know if we are missing any configuration in this process.Above oracle document is not pretty clear on this.
  <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
  <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
  <Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2]  Unable to create connection to ldap://[10.88.164.231]:636 as null.
  javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
  at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
  at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
  at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
  at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
  at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
  at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
  at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
  at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
  at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
  at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
  at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
  at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
  ...more
  Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
  at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
  at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
  ...more
  Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
  at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
  at sun.security.validator.Validator.getInstance(Validator.java:161)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
  at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  Let us know for any helpful pointers on this
  Thanks in advance,
  RPB25

  Use the steps given below to perform import public key certificate of AD into OIM envirioment for SSL
  Obtain the AD Certificates from the AD Administrator.
  Copy the AD Certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
  Run the following command to import all the certificates
  /jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystorecacerts -storepasschangeit
    4. The CA certificates are now present in the trust store.

• Starting Server with SSL Enabled

  I want to start iplanet directory server 5.1 with SSL Enabled, but It always ask me PIN Token.
  I write slapd-test-pin.txt file as following :
  slapd-test-pin.txt
  -------begin-----------
  Token:test123456
  -------end ------------
  I put the slapd-test-pin.txt into /usr/iplanet/server/alias
  then, I restart directory server from command line.
  /usr/iplanet/servers/slapd-test/stop-slapd
  /usr/iplanet/servers/slapd-test/start-slapd
  What's wrong ?
  Thank you !!!!

  I have a similar problem. I actually do set the correct format of certidcate db password file but the server stll does not start but reports the following:
  [26/Sep/2003:17:21:11 -0400] - Sun-ONE-Directory/5.2 B2003.143.0014 (32-bit) starting up
  [26/Sep/2003:17:21:11 -0400] - ERROR<12362> - Connection - conn=-1 op=-1 msgId=-1 - PR_Bind() on address <all interfaces> port <636> failed : error -5966 (Access Denied.).
  I installed the certificate correctly. It was obtained from VeriSign with a ds 5.2 generated request.
  Any ideas?
  Thanks in advance!

• How do I ssl enable targets and EM in 10.1.2

  How do I ssl enable targets and EM in 10.1.2 in
  "Standalone console" (is this the correct forum?)
  These are the steps I followed
  1) emctl secure em
  This enabled ssl for EM.
  Problem is with monitoring a target - Oracle Reports
  2) The I SSL Enabled reports. Added a port in webcache and gave default wallet directory. Following works
  https://host:port/reports/rwservlet?getserverinfo
  3) In sysman/emd/targets.xml , for reports target I changed http protocol to https and also changed port
  (Report uses HTTP Fetchlet for getting metrics)
  But I am not able to monitor Oracle Reports successfully.
  I get the following in EM logs
  emias.log
  <MetricGetError ERRMSG="Error connecting to <host:port> return status = -1 " ERRID="32" ERRCODE="3">
  emagent.trc
  2005-01-05 18:29:07 Thread-2228 ERROR ssl: nzos_Handshake failed, ret=29024
  2005-01-05 18:29:07 Thread-2228 ERROR http: 652: Unable to initialize ssl connection with server, aborting connection attempt
  2005-01-05 18:29:08 Thread-2228 ERROR engine: [oracle_repserv,Ben.<host>_Reports_Server:rep_strep13,ServerPerf] : nmeegd_GetMetricData failed : Error connecting to <host>:4447 return status = -1
  Any idea how to do SSL enable targets (in particular Oracle Reports) in 10.1.2 ?

  Open and close iPhoto or GarageBand and relaunch FCP X. Sometimes just relaunching FCP X works also. You can trash FCP X preferences as well if the above doesn't work.

• Strange error when enabling SSL on Oracle HTTP Server

  Hi,
  In our production environment Oracle HTTP Server starts fine when SSL is disabled.
  We've enabled SSL in our dev/uat environments using instructions from the Oracle Documentation. It was pretty straightforward.
  When i tried to do the same in our production environment, the Oracle HTTP Server wouldnt restart. I've had a look around the forums and havent seen anyone report the same error we are seeing in the logfile.
  $ORACE_HOME/opmn/bin/opmnctl verbose startproc ias-component=HTTP_Server
  HTTP/1.1 200 OK
  Content-Length: 0
  Content-Type: text/html
  Response: Ping succeeded.
  opmnctl: starting opmn managed processes...
  HTTP/1.1 204 No Content
  Content-Length: 718
  Content-Type: text/html
  Response: 0 of 1 processes started.
  <?xml version='1.0' encoding='ISO-8859-1'?>
  <response>
  <opmn id="ubrf1200:6201" http-status="204" http-response="0 of 1 processes started.">
  <ias-instance id="IAS-X-ubrf1200.6299">
  <ias-component id="HTTP_Server">
  <process-type id="HTTP_Server">
  <process-set id="HTTP_Server">
  <process id="350814320" pid="29207" status="Stopped" index="1" log="$ORACE_HOME/opmn/logs/HTTP_Server~1" operation="request" result="failure">
  <msg code="-21" text="failed to start a managed process after the maximum retry limit">
  </msg>
  </process>
  </process-set>
  </process-type>
  </ias-component>
  </ias-instance>
  </opmn>
  </response>
  The HTTP_Server~1 log contains the below error:
  09/08/16 13:24:40 Start process
  $ORACLE_HOME/Apache/Apache/bin/apachectl startssl: execing httpd
  VirtualHost configuration:
  127.0.0.1:7201 127.0.0.1 ($ORACLE_HOME/Apache/Apache/conf/dms.conf:21)
  I've compared dms.conf from all 3 of dev/uat/prod
  diff dev-dms.conf dms.conf
  15c15
  < Redirect /dms0/AggreSpy http://127.0.0.1:7200/dmsoc4j/AggreSpy
  Redirect /dms0/AggreSpy http://127.0.0.1:7201/dmsoc4j/AggreSpy
  18,19c18,19
  < Listen 127.0.0.1:7200
  < OpmnHostPort http://127.0.0.1:7200
  Listen 127.0.0.1:7201
  OpmnHostPort http://127.0.0.1:7201
  21c21
  < <VirtualHost 127.0.0.1:7200>
  <VirtualHost 127.0.0.1:7201>30c30
  No Apache logs are being written to when we try starting the Oracle HTTP Server with ssl enabled.
  Has anyone experienced this problem before? Any idea how we can get this working?
  Thanks,
  Stephen

  Noticed that when it starts with apachectl startssl, it doesnt like any <VirtualHost directive
  The line in the dms.conf file that it errors out at is :
  <VirtualHost 127.0.0.1:7201>
  When i added a redirect the httpd.conf file, it errors out at the <VirtualHost line also
  Any idea why the Oracle HTTP Server wouldnt like <VirtualHost directives when running startssl?

• NmConnect() error when SSL enabled

  Hello,
  I am on welogic 10.3.2 and I am trying to create my domain to use SSL.
  I created a domain and Admin server with SSL enabled. Before starting the admin server. I start the nodemanager and then try the nmConnect as below and i see this error. Please help.
  nmConnect('weblogic','weblogic1','localhost','10001','../wldomain','skDomain')
  weblogic.nodemanager.NMException: Configuration error while reading domain directory
  at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:299)
  at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:312)
  at weblogic.nodemanager.client.NMServerClient.connect(NMServerClient.java:248)
  at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:199)
  at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:205)
  at weblogic.nodemanager.client.NMServerClient.getVersion(NMServerClient.java:52)
  at weblogic.management.scripting.NodeManagerService.verifyConnection(NodeManagerService.java:175)
  at weblogic.management.scripting.NodeManagerService.nmConnect(NodeManagerService.java:169)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:

  Hello,
  I am on welogic 10.3.2 and I am trying to create my domain to use SSL.
  I created a domain and Admin server with SSL enabled. Before starting the admin server. I start the nodemanager and then try the nmConnect as below and i see this error. Please help.
  nmConnect('weblogic','weblogic1','localhost','10001','../wldomain','skDomain')
  weblogic.nodemanager.NMException: Configuration error while reading domain directory
  at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:299)
  at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:312)
  at weblogic.nodemanager.client.NMServerClient.connect(NMServerClient.java:248)
  at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:199)
  at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:205)
  at weblogic.nodemanager.client.NMServerClient.getVersion(NMServerClient.java:52)
  at weblogic.management.scripting.NodeManagerService.verifyConnection(NodeManagerService.java:175)
  at weblogic.management.scripting.NodeManagerService.nmConnect(NodeManagerService.java:169)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:

• Steps to configure Weblogic 10.3 with SSL enabled Sybase 12.5

  In WLS 10.3, there is a new feature for supporting the SSL encryption on Sybase 12.5.4.
  I want to connect from Weblogic 10.3 to the SSL enabled Sybase 12.5.4.
  Can any one please provide the step by step instructions for how to configure on the Weblogic 10.3? Do I need to create any custom class for this?
  Thanks

  Here is an example of connecting using the Sybase driver.
  SybDriver sybDriver = (SybDriver)
      Class.forName("com.sybase.jdbc3.jdbc.SybDriver").newInstance();
  sybDriver.setVersion(com.sybase.jdbcx.SybDriver.VERSION_6);
  DriverManager.registerDriver(sybDriver);
  Connection conn = DriverManager.getConnection
      ("jdbc:sybase:Tds:<host>:5000?ServiceName=<dbname>",<user>,<passwd>);Not sure that the setVersion() call is absolutely necessary.

• How to disable SSLv3 on SSL enabled NodeManager (wls12.1.1 with jRockit)

  how to disable SSLv3 on SSL enabled NodeManager (wls12.1.1 with jRockit)

  Hi,
  Add the following Java option in the StartNodemanger.sh file
  Steps to disable SSLv3 protocol on Weblogic:
  1.  The weblogic.security.SSL.protocolVersion command-line argument lets you specify which protocol is used for SSL connections.
  2.  After enabling/configuring the SSL for weblogic server, append the following option to the JAVA_OPTIONS variable
          -Dweblogic.security.SSL.protocolVersion=TLS1
       NOTE: If you don’t specify the above property, by default it takes SSLv3.
  Check the below Links for more information
  http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1046921.aspx
  http://docs.oracle.com/cd/E17904_01/web.1111/e13707/ssl.htm#SECMG494
  CVE-2014-3566 - Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Java SE
  Additional Info
  Poodle Vulnerability CVE-2014-3566
  CVE-2014-3566 - Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Java SE
  Hope it helps

• Access a SSL-enabled server

  Hi,
  I'd appreciate it if somebody gives me a response or a hint. I want to send a request to a remote SSL-enable server from my application deployed in Tomcat. Is there any way to do it (like configure Tomcat) other than developing SSL java codes? I know that my question does not make much sense but it is nice to know if there would be some settings that allow 2 servers communicate each other on SSL level. Thank you

  Hi cjmose,
  Thank you for your response.
  I'm not really sure I understand your question. I assume you mean that you have a j2ee app deployed in one container, and the business logic in that app needs to communicate with another container on a separate server via ssl?
  Yes
  In that case I imagine you need to use jsse and use either an https or sslsocket to connect to the other server and do what you need to do...
  I'm developing new codes using jsse1.0.3_04 and HTTPClient (this package claims that it supports https). However, I got an exception HTTPClient.ProtocolNotSuppException when I call
  new HTTPConnection("https", "someserver", -1);Do you know how to fix this problem? Thanks

• Configure SSL enabled communication issue

  Hi Experts,
  I'm having this wierd issue.. Installed SharePoint like for the 10th time in my life or so. But this time when I was doing this "Configure SSL enabled communication" steps the Powershell window just hangs forever.
  PS C:\FASTSearch\installer\scripts> .\SecureFASTSearchConnector.ps1 -certPath "C
  :\FASTSearch\data\data_security\cert\FASTSearchCert.pfx" -ssaName "FAST Content"
  -username "domain\user"
  Enter the certificate password: **********
  Installed certificate.
  Updated acls on certificates private keys.
  Nothing happens after that. It usually will say the below but it freezes for me.
  Updated acls on certificates private keys.
  Your FAST Search Connector has been setup to use certificate, restarting osearch14.
  Connection to contentdistributor host:port successfully validated.
  Until I restart the osearch14 manually from services. But after that the contentsource page is never opening up for me.
  I'm I missing something obvious? Or I'm I facing some premission realted issues? nctrl status shwoings everything is running. Any pointers will help.
  Thank you.
  Freddie Maize ..A story with Glory is History. Doesn’t matter whether Glory rest in the world of Demon or God. Lets create History..

  Thank you for your response.
  Yes I have set the particular proerty SSLAlwaysNegoClientCert to True and it is able to establish the ssl conneciton without initiating renegotiation from IIS server side.The property has to be set the metabase.xml file.
  Thank you very much once again.
  Edited by: arpitak on Jun 23, 2010 2:10 AM

• Cannot connect using webserviceclient+ssl.jar

  Hello!
  I installed Verisign test certificate on my server and I am able to connect
  to the server using Web Service client with JSSE adapter class. Funnily
  enough, I cannot connect using WebLogic SSL library, I get an exception.
  Could someone help me understand, why I cannot connect using WebLogic SSL
  implementation?
  To connect using JSSE I use following system properties:
  java^
  -classpath
  .;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
  r;..\lib\jsse.jar;^
  -Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
  CJSSEAdapter^
  -Djavax.net.ssl.trustStore=abc.keystore^
  -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
  Client https://MyServer:7002/webservice/ABCConnectService?WSDL
  where abcconnect-client.jar is the client jar file, and abc.keystore
  contains getcacert.cer root CA, which I downloaded from Verisign from this
  page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
  ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
  works fine.
  To connect using WebLogic SSL implementation I use following system
  properties:
  java^
  -classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
  -Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
  -Dweblogic.webservice.client.ssl.strictcertchecking=false^
  -Dweblogic.webservice.security.verbose=true^
  -Dweblogic.webservice.client.verbose=true^
  -Dbea.home=.^
  -Djava.protocol.handler.pkgs=com.certicom.net.ssl^
  Client https://MyServer:7002/webservice/ABCConnectService?WSDL
  I converted binary format of the certificate to PEM, but it did not help.
  I am getting this exception:
  [BaseWLSSLAdapter] : SSLAdapter verbose output enabled
  [BaseWLSSLAdapter] : Strict cert checking disabled by default
  [BaseWLSSLAdapter] : Trusted certificates will be loaded from getcacert.cer
  [BaseWLSSLAdapter] : Loaded local trusted certificates from
  java.io.FileInputStream@73a7ab
  [BaseWLSSLAdapter] : Disabling strict checking on adapter
  weblogic.webservice.client.WLSSLAdapter@4faf8
  [BaseWLSSLAdapter] : Set TrustManager to
  weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
  [WLSSLAdapter] : Set HostnameVerifier to
  weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
  [BaseWLSSLAdapter] : Loaded local trusted certificates from
  java.io.FileInputStream@57c2bd
  [BaseWLSSLAdapter] : Disabling strict checking on adapter
  weblogic.webservice.client.WLSSLAdapter@323210
  [BaseWLSSLAdapter] : Set TrustManager to
  weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
  [WLSSLAdapter] : Set HostnameVerifier to
  weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
  [BaseWLSSLAdapter] : Got new socketfactory
  javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
  [WLSSLAdapter] :
  openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
  returning
  weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
  bservice/ABCConnectService?WSDL
  [WLSSLAdapter] : -- using HostnameVerifier
  weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
  [WLSSLAdapter] : -- loaded certs from getcacert.cer
  java.io.IOException: Write Channel Closed, possible SSL handshaking or trust
  failure
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at
  com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
  Source)
  at
  com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
  at
  com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
  at
  com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
  known Source)
  at
  com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
  nknown Source)
  at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
  Source)
  at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
  at
  com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
  Source)
  at
  com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
  at
  com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
  Source)
  at
  weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
  onnection.java:216)
  at
  weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
  nFactory.java:71)
  at
  weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
  at
  weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
  106)
  at
  weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
  82)
  at
  weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
  at Client.main(Client.java:136)

  Michael,
  I guess the getcacert.cer, which is on the client side, should have the
  server's certificate followed by the root CA certificate in .pem format.
  I have it working with this format.
  Could you please try this out and let us know.
  Regards,
  Anurag
  "Michael Jouravlev" <[email protected]> wrote in message
  news:[email protected]...
  Hello!
  I installed Verisign test certificate on my server and I am able toconnect
  to the server using Web Service client with JSSE adapter class. Funnily
  enough, I cannot connect using WebLogic SSL library, I get an exception.
  Could someone help me understand, why I cannot connect using WebLogic SSL
  implementation?
  To connect using JSSE I use following system properties:
  java^
  -classpath
  .;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
  r;..\lib\jsse.jar;^
  -Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
  CJSSEAdapter^
  -Djavax.net.ssl.trustStore=abc.keystore^
  -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
  Client https://MyServer:7002/webservice/ABCConnectService?WSDL
  where abcconnect-client.jar is the client jar file, and abc.keystore
  contains getcacert.cer root CA, which I downloaded from Verisign from this
  page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
  ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
  works fine.
  To connect using WebLogic SSL implementation I use following system
  properties:
  java^
  -classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
  -Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
  -Dweblogic.webservice.client.ssl.strictcertchecking=false^
  -Dweblogic.webservice.security.verbose=true^
  -Dweblogic.webservice.client.verbose=true^
  -Dbea.home=.^
  -Djava.protocol.handler.pkgs=com.certicom.net.ssl^
  Client https://MyServer:7002/webservice/ABCConnectService?WSDL
  I converted binary format of the certificate to PEM, but it did not help.
  I am getting this exception:
  [BaseWLSSLAdapter] : SSLAdapter verbose output enabled
  [BaseWLSSLAdapter] : Strict cert checking disabled by default
  [BaseWLSSLAdapter] : Trusted certificates will be loaded fromgetcacert.cer
  [BaseWLSSLAdapter] : Loaded local trusted certificates from
  java.io.FileInputStream@73a7ab
  [BaseWLSSLAdapter] : Disabling strict checking on adapter
  weblogic.webservice.client.WLSSLAdapter@4faf8
  [BaseWLSSLAdapter] : Set TrustManager to
  weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
  [WLSSLAdapter] : Set HostnameVerifier to
  weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
  [BaseWLSSLAdapter] : Loaded local trusted certificates from
  java.io.FileInputStream@57c2bd
  [BaseWLSSLAdapter] : Disabling strict checking on adapter
  weblogic.webservice.client.WLSSLAdapter@323210
  [BaseWLSSLAdapter] : Set TrustManager to
  weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
  [WLSSLAdapter] : Set HostnameVerifier to
  weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
  [BaseWLSSLAdapter] : Got new socketfactory
  javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
  [WLSSLAdapter] :
  openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
  returning
  weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
  bservice/ABCConnectService?WSDL
  [WLSSLAdapter] : -- using HostnameVerifier
  weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
  [WLSSLAdapter] : -- loaded certs from getcacert.cer
  java.io.IOException: Write Channel Closed, possible SSL handshaking ortrust
  failure
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at
  com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
  Source)
  at
  com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
  at
  com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(UnknownSource)
  at
  com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
  known Source)
  at
  com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
  nknown Source)
  at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
  Source)
  at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
  at
  com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
  Source)
  at
  com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
  at
  com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
  Source)
  at
  weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
  onnection.java:216)
  at
  weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
  nFactory.java:71)
  at
  weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
  at
  weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
  106)
  at
  weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
  82)
  at
  weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
  at Client.main(Client.java:136)

• EPMA Dimension server won't start using SSL enabled Database

  Has anyone had any luck configuring EPMA 11.1.2.2 or 11.1.2.1 EPMA Dimension server with a JDBC SSL connection? I am using the following url to configure my SSL-enabled database:
  jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=slc00qox)(PORT=1529))(CONNECT_DATA=(SERVICE_NAME=slc00qox.us.oracle.com)))
  and the Dimension server won't start. Other Foundation, Essbase and Reporting repository connections work with same URL. Getting an error in Event Log:
  Service cannot be started. Hyperion.DimensionServer.Interface.Exceptions.EPMAServiceException: Cannot initialize the Session Manager. ---> Hyperion.CommonServices.Exceptions.SessionManagerException: Session Manager could not start because database connectivity could not be established. ---> Oracle.DataAccess.Client.OracleException ORA-12537: TNS:connection closed at Hyperion.DimensionServer.SessionManager.SessionManager.InitializeSqlConnectionString()
  --- End of inner exception stack trace ---
  at Hyperion.DimensionServer.SessionManager.SessionManager.InitializeSqlConnectionString()
  at Hyperion.DimensionServer.SessionManager.SessionManager.Initialize(String configFileName, Boolean restorePastInstanceSessions, Boolean enableCaching)
  --- End of inner exception stack trace ---
  at Hyperion.DimensionServer.Service.Main.InitializeSessionManager()
  at Hyperion.DimensionServer.Service.Main.Start()
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
  AND
  [EPMA Server Startup] ERROR SVR_ERR_PROCESSMGR_CANT_INIT_SESSIONMGR:Cannot initialize the Session Manager.Hyperion.DimensionServer.Interface.Exceptions.EPMAServiceException: Cannot initialize the Session Manager. ---> Hyperion.CommonServices.Exceptions.SessionManagerException: Session Manager could not start because database connectivity could not be established. ---> Oracle.DataAccess.Client.OracleException ORA-12537: TNS:connection closed at Hyperion.DimensionServer.SessionManager.SessionManager.InitializeSqlConnectionString()
  --- End of inner exception stack trace ---
  at Hyperion.DimensionServer.SessionManager.SessionManager.InitializeSqlConnectionString()
  at Hyperion.DimensionServer.SessionManager.SessionManager.Initialize(String configFileName, Boolean restorePastInstanceSessions, Boolean enableCaching)
  --- End of inner exception stack trace ---
  at Hyperion.DimensionServer.Service.Main.InitializeSessionManager()
  at Hyperion.DimensionServer.Service.Main.Start()

  As you have backup you can try this:
  Restore your master database backup to another instance of SQL Server and in the "To
  database:" section of the Restore Database dialog box, use an alternate database name such as "recover_master" to avoid conflict with the master database on this instance of SQL Server. This will cause the mdf/ldf to be named "recover_master.mdf"
  and "recover_master_1.ldf". Then detach the
  recover_master database, go into the file system, copy the recover_master.mdf and recover_master_1.ldf to the instance of SQL Server with the corrupt master database. Delete the corrupt master.mdf and mastlog.ldf files, rename recover_master.mdf to master.mdf,
  and rename recover_master_1.ldf to mastlog.ldf. Now you're ready to try starting the SQL Server service again!
  http://blogs.technet.com/b/fort_sql/archive/2011/02/01/the-easiest-way-to-rebuild-the-sql-server-master-database.aspx
  Once master is online you can restore other database.