IHat : connecting to an SSL-enabled opmn notifcation server
I'm having trouble connecting iHat to an app server
instance, where the opmn.xml file contains
<notification-server>
<port local="6100" remote="6200" request="6003"/>
<log-file path="$ORACLE_HOME/opmn/logs/ons.log" level="4" rotation-size="1500000"/>
<ssl enabled="true" wallet-file="$ORACLE_HOME/opmn/conf/ssl.wlt/default"/>
</notification-server>
In the ons.log I get errors
... :6200 SSL handshake failed
Has anyone had any success working around this problem?
Thanks
- Charles Poulsen
Clear the cache and the cookies from sites that cause problems.
"Clear the Cache":
* Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
"Remove Cookies" from sites causing problems:
* Tools > Options > Privacy > Cookies: "Show Cookies"
Similar Messages
-
To support certficate based client authentication using 2-way SSL from a standalone java application which uses JNDI and JSSE1.0.2 to connect to an SSL enabled LDAP Server how do we configure the certmap.conf?Is there any additional setup required at the LDAP Server side apart from enablinf SSL with the option"Required Client Authentication" enabled.The 2 way SSL handshake goes through but the access log file (After configuring the certmap.conf for the issuer DN of the client certficate etc..)shows SSL failed to LDAP DN?But inspite of this access log error the Java client does get an SSL Connection object with which it is able to connect to the LDAP.IS the certmap.conf file being looked up by the LDAP Server at all?
have you out.flush() and out.close() before you call connection.getInputStream()?
-
Problems in accessing an SSL enabled site through Weblogic 6.1
Hi,
We want to connect to an SSL enabled site (https://test.SalesForce.com) through Weblogic 6.1. We are using JDK1.3.1_08 and Apache axis.
We have followed the appropriate steps explained in the URL -
http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html
As mentioned in the above link, we made the configurations in JDK 1.3.1_08 to put the jsse.jar and other important JARs in jre\lib\ext folder and also updated the java security file to add the proper "Provider".
After that we tried to execute the test application to connect to an SSL site specified in it. It is a stand alone Java application and connects to the site and reads the bytes of the home page and displays them on the console.
When we tried to connect the SalesForce test site, we figured out that we were able to connect to the site and were able to read entire stream of bytes.
Then we copied the same code in a sample JSP, set the JDK1.3.1_06 as the JAVA_HOME for Weblogic6.1 and tried to connect to our test site through that JSP.
We observed that it is connecting to the site but reading just a few initial bytes and not the entire stream.
When we tried the same steps with Weblogic8.1 and JDK1.4.2_X, it works fine and reads the entire page with Weblogic8.1 as client.
So, we observed that the standalone application works fine with JDK1.3.1_08, it also works fine on the the Weblogic 8.1 and JDK1.4.2_x combination, but when we use Weblogic6.1 and JDK1.3.1_08, it does not work properly.
Is there any setup issue in Weblogic 6.1 regarding connecting to a SSL enabled site?
Our actual problem scenario is a bit different than this, but we are sure that it is related to this situation and a solution to this problem can resolve the actual problem.
Another question we have is do we need to configure SSL in Weblogic 6.1 and also care for installing certificates evenif Weblogic 6.1 in this case is a mere client?
We have tried to connect to the same site using Weblogic 8.1 and JDK1.4.2_X. We did not require any kind of certicates in that case. Hence I want to clear my doubt.
Please help.Hello,
Just wondering if you ever found a solution to this problem. We are suffering just about the exact same issue, where our environment with WebLogic 6.1 SP4 cannot access an SSL enabled site, but our WebLogic 8.1 SP2 upgrade environment can. The only difference we've been able to pinpoint is that our 6.1 server connects via TLS1.0 (SSL3.1) and our 8.1 server connects via SSLv3 (SSL3.0). Does anyone know how to control which version of SSL WebLogic 6.1 uses? -
Can port 25 be used for SSL-enable SMTP server ?
Hi,
Our customer is using port 25 for a SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception thrown:
DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
1) with port 25, got the same exception as above;
2) with port 465, worked fine;
3) with any other randomly pick up valid port, worked fine.
This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
Your help will be appreciated.Yes, port 25 is intended for non-SSL servers only, although that doesn't
prevent a client from making a plain text connection and then using the
STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
supports that usage.
You can configure JavaMail to use port 25 for SSL connections if you
really want to. JavaMail 1.3.x requires you configure an appropriate
socket factory to get SSL connections; you can configure whatever port
you want for use with that socket factory. -
Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled
Hi
We are performing LDAPSync for OIM AD real time sync.We have done all configuration as per oracle documentation on LDAPSync for OIM 11gR2 : http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version OIM 11gR2 PS1 (11.1.2.1.0).
WE have performed LDAPSync enablement on postinstallation of OIM .So we dont have OVD , we have configured libOVD as mentioned in this doc.
We have performed following steps mentioned in this document in our OIM environment.
3.1 Enabling Post installation LDAP Synchronization
3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
As attribute like password might be not getting updated in AD from OIM , we have configured SSL enabled integration in LDAP sync as mentioned in above document.
We implemented this step 3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
but here it is not properly mentioned that about how to import public key certificate of AD into OIM envirioment for SSL.
We are getting following error message in logs : Looking at logs it looks like the import of AD SSL certificate did not happen properly in OIM environment. But ,we have imported it using keytool and OVD keystore ...please let us know if we are missing any configuration in this process.Above oracle document is not pretty clear on this.
<Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
<Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
<Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2] Unable to create connection to ldap://[10.88.164.231]:636 as null.
javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
...more
Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
...more
Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
at sun.security.validator.Validator.getInstance(Validator.java:161)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
Let us know for any helpful pointers on this
Thanks in advance,
RPB25Use the steps given below to perform import public key certificate of AD into OIM envirioment for SSL
Obtain the AD Certificates from the AD Administrator.
Copy the AD Certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
Run the following command to import all the certificates
/jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystorecacerts -storepasschangeit
4. The CA certificates are now present in the trust store. -
Starting Server with SSL Enabled
I want to start iplanet directory server 5.1 with SSL Enabled, but It always ask me PIN Token.
I write slapd-test-pin.txt file as following :
slapd-test-pin.txt
-------begin-----------
Token:test123456
-------end ------------
I put the slapd-test-pin.txt into /usr/iplanet/server/alias
then, I restart directory server from command line.
/usr/iplanet/servers/slapd-test/stop-slapd
/usr/iplanet/servers/slapd-test/start-slapd
What's wrong ?
Thank you !!!!I have a similar problem. I actually do set the correct format of certidcate db password file but the server stll does not start but reports the following:
[26/Sep/2003:17:21:11 -0400] - Sun-ONE-Directory/5.2 B2003.143.0014 (32-bit) starting up
[26/Sep/2003:17:21:11 -0400] - ERROR<12362> - Connection - conn=-1 op=-1 msgId=-1 - PR_Bind() on address <all interfaces> port <636> failed : error -5966 (Access Denied.).
I installed the certificate correctly. It was obtained from VeriSign with a ds 5.2 generated request.
Any ideas?
Thanks in advance! -
How do I ssl enable targets and EM in 10.1.2
How do I ssl enable targets and EM in 10.1.2 in
"Standalone console" (is this the correct forum?)
These are the steps I followed
1) emctl secure em
This enabled ssl for EM.
Problem is with monitoring a target - Oracle Reports
2) The I SSL Enabled reports. Added a port in webcache and gave default wallet directory. Following works
https://host:port/reports/rwservlet?getserverinfo
3) In sysman/emd/targets.xml , for reports target I changed http protocol to https and also changed port
(Report uses HTTP Fetchlet for getting metrics)
But I am not able to monitor Oracle Reports successfully.
I get the following in EM logs
emias.log
<MetricGetError ERRMSG="Error connecting to <host:port> return status = -1 " ERRID="32" ERRCODE="3">
emagent.trc
2005-01-05 18:29:07 Thread-2228 ERROR ssl: nzos_Handshake failed, ret=29024
2005-01-05 18:29:07 Thread-2228 ERROR http: 652: Unable to initialize ssl connection with server, aborting connection attempt
2005-01-05 18:29:08 Thread-2228 ERROR engine: [oracle_repserv,Ben.<host>_Reports_Server:rep_strep13,ServerPerf] : nmeegd_GetMetricData failed : Error connecting to <host>:4447 return status = -1
Any idea how to do SSL enable targets (in particular Oracle Reports) in 10.1.2 ?Open and close iPhoto or GarageBand and relaunch FCP X. Sometimes just relaunching FCP X works also. You can trash FCP X preferences as well if the above doesn't work.
-
Strange error when enabling SSL on Oracle HTTP Server
Hi,
In our production environment Oracle HTTP Server starts fine when SSL is disabled.
We've enabled SSL in our dev/uat environments using instructions from the Oracle Documentation. It was pretty straightforward.
When i tried to do the same in our production environment, the Oracle HTTP Server wouldnt restart. I've had a look around the forums and havent seen anyone report the same error we are seeing in the logfile.
$ORACE_HOME/opmn/bin/opmnctl verbose startproc ias-component=HTTP_Server
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html
Response: Ping succeeded.
opmnctl: starting opmn managed processes...
HTTP/1.1 204 No Content
Content-Length: 718
Content-Type: text/html
Response: 0 of 1 processes started.
<?xml version='1.0' encoding='ISO-8859-1'?>
<response>
<opmn id="ubrf1200:6201" http-status="204" http-response="0 of 1 processes started.">
<ias-instance id="IAS-X-ubrf1200.6299">
<ias-component id="HTTP_Server">
<process-type id="HTTP_Server">
<process-set id="HTTP_Server">
<process id="350814320" pid="29207" status="Stopped" index="1" log="$ORACE_HOME/opmn/logs/HTTP_Server~1" operation="request" result="failure">
<msg code="-21" text="failed to start a managed process after the maximum retry limit">
</msg>
</process>
</process-set>
</process-type>
</ias-component>
</ias-instance>
</opmn>
</response>
The HTTP_Server~1 log contains the below error:
09/08/16 13:24:40 Start process
$ORACLE_HOME/Apache/Apache/bin/apachectl startssl: execing httpd
VirtualHost configuration:
127.0.0.1:7201 127.0.0.1 ($ORACLE_HOME/Apache/Apache/conf/dms.conf:21)
I've compared dms.conf from all 3 of dev/uat/prod
diff dev-dms.conf dms.conf
15c15
< Redirect /dms0/AggreSpy http://127.0.0.1:7200/dmsoc4j/AggreSpy
Redirect /dms0/AggreSpy http://127.0.0.1:7201/dmsoc4j/AggreSpy
18,19c18,19
< Listen 127.0.0.1:7200
< OpmnHostPort http://127.0.0.1:7200
Listen 127.0.0.1:7201
OpmnHostPort http://127.0.0.1:7201
21c21
< <VirtualHost 127.0.0.1:7200>
<VirtualHost 127.0.0.1:7201>30c30
No Apache logs are being written to when we try starting the Oracle HTTP Server with ssl enabled.
Has anyone experienced this problem before? Any idea how we can get this working?
Thanks,
StephenNoticed that when it starts with apachectl startssl, it doesnt like any <VirtualHost directive
The line in the dms.conf file that it errors out at is :
<VirtualHost 127.0.0.1:7201>
When i added a redirect the httpd.conf file, it errors out at the <VirtualHost line also
Any idea why the Oracle HTTP Server wouldnt like <VirtualHost directives when running startssl? -
NmConnect() error when SSL enabled
Hello,
I am on welogic 10.3.2 and I am trying to create my domain to use SSL.
I created a domain and Admin server with SSL enabled. Before starting the admin server. I start the nodemanager and then try the nmConnect as below and i see this error. Please help.
nmConnect('weblogic','weblogic1','localhost','10001','../wldomain','skDomain')
weblogic.nodemanager.NMException: Configuration error while reading domain directory
at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:299)
at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:312)
at weblogic.nodemanager.client.NMServerClient.connect(NMServerClient.java:248)
at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:199)
at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:205)
at weblogic.nodemanager.client.NMServerClient.getVersion(NMServerClient.java:52)
at weblogic.management.scripting.NodeManagerService.verifyConnection(NodeManagerService.java:175)
at weblogic.management.scripting.NodeManagerService.nmConnect(NodeManagerService.java:169)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:Hello,
I am on welogic 10.3.2 and I am trying to create my domain to use SSL.
I created a domain and Admin server with SSL enabled. Before starting the admin server. I start the nodemanager and then try the nmConnect as below and i see this error. Please help.
nmConnect('weblogic','weblogic1','localhost','10001','../wldomain','skDomain')
weblogic.nodemanager.NMException: Configuration error while reading domain directory
at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:299)
at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:312)
at weblogic.nodemanager.client.NMServerClient.connect(NMServerClient.java:248)
at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:199)
at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:205)
at weblogic.nodemanager.client.NMServerClient.getVersion(NMServerClient.java:52)
at weblogic.management.scripting.NodeManagerService.verifyConnection(NodeManagerService.java:175)
at weblogic.management.scripting.NodeManagerService.nmConnect(NodeManagerService.java:169)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: -
Steps to configure Weblogic 10.3 with SSL enabled Sybase 12.5
In WLS 10.3, there is a new feature for supporting the SSL encryption on Sybase 12.5.4.
I want to connect from Weblogic 10.3 to the SSL enabled Sybase 12.5.4.
Can any one please provide the step by step instructions for how to configure on the Weblogic 10.3? Do I need to create any custom class for this?
ThanksHere is an example of connecting using the Sybase driver.
SybDriver sybDriver = (SybDriver)
Class.forName("com.sybase.jdbc3.jdbc.SybDriver").newInstance();
sybDriver.setVersion(com.sybase.jdbcx.SybDriver.VERSION_6);
DriverManager.registerDriver(sybDriver);
Connection conn = DriverManager.getConnection
("jdbc:sybase:Tds:<host>:5000?ServiceName=<dbname>",<user>,<passwd>);Not sure that the setVersion() call is absolutely necessary. -
How to disable SSLv3 on SSL enabled NodeManager (wls12.1.1 with jRockit)
how to disable SSLv3 on SSL enabled NodeManager (wls12.1.1 with jRockit)
Hi,
Add the following Java option in the StartNodemanger.sh file
Steps to disable SSLv3 protocol on Weblogic:
1. The weblogic.security.SSL.protocolVersion command-line argument lets you specify which protocol is used for SSL connections.
2. After enabling/configuring the SSL for weblogic server, append the following option to the JAVA_OPTIONS variable
-Dweblogic.security.SSL.protocolVersion=TLS1
NOTE: If you don’t specify the above property, by default it takes SSLv3.
Check the below Links for more information
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1046921.aspx
http://docs.oracle.com/cd/E17904_01/web.1111/e13707/ssl.htm#SECMG494
CVE-2014-3566 - Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Java SE
Additional Info
Poodle Vulnerability CVE-2014-3566
CVE-2014-3566 - Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Java SE
Hope it helps -
Hi,
I'd appreciate it if somebody gives me a response or a hint. I want to send a request to a remote SSL-enable server from my application deployed in Tomcat. Is there any way to do it (like configure Tomcat) other than developing SSL java codes? I know that my question does not make much sense but it is nice to know if there would be some settings that allow 2 servers communicate each other on SSL level. Thank youHi cjmose,
Thank you for your response.
I'm not really sure I understand your question. I assume you mean that you have a j2ee app deployed in one container, and the business logic in that app needs to communicate with another container on a separate server via ssl?
Yes
In that case I imagine you need to use jsse and use either an https or sslsocket to connect to the other server and do what you need to do...
I'm developing new codes using jsse1.0.3_04 and HTTPClient (this package claims that it supports https). However, I got an exception HTTPClient.ProtocolNotSuppException when I call
new HTTPConnection("https", "someserver", -1);Do you know how to fix this problem? Thanks -
Configure SSL enabled communication issue
Hi Experts,
I'm having this wierd issue.. Installed SharePoint like for the 10th time in my life or so. But this time when I was doing this "Configure SSL enabled communication" steps the Powershell window just hangs forever.
PS C:\FASTSearch\installer\scripts> .\SecureFASTSearchConnector.ps1 -certPath "C
:\FASTSearch\data\data_security\cert\FASTSearchCert.pfx" -ssaName "FAST Content"
-username "domain\user"
Enter the certificate password: **********
Installed certificate.
Updated acls on certificates private keys.
Nothing happens after that. It usually will say the below but it freezes for me.
Updated acls on certificates private keys.
Your FAST Search Connector has been setup to use certificate, restarting osearch14.
Connection to contentdistributor host:port successfully validated.
Until I restart the osearch14 manually from services. But after that the contentsource page is never opening up for me.
I'm I missing something obvious? Or I'm I facing some premission realted issues? nctrl status shwoings everything is running. Any pointers will help.
Thank you.
Freddie Maize ..A story with Glory is History. Doesn’t matter whether Glory rest in the world of Demon or God. Lets create History..Thank you for your response.
Yes I have set the particular proerty SSLAlwaysNegoClientCert to True and it is able to establish the ssl conneciton without initiating renegotiation from IIS server side.The property has to be set the metabase.xml file.
Thank you very much once again.
Edited by: arpitak on Jun 23, 2010 2:10 AM -
Cannot connect using webserviceclient+ssl.jar
Hello!
I installed Verisign test certificate on my server and I am able to connect
to the server using Web Service client with JSSE adapter class. Funnily
enough, I cannot connect using WebLogic SSL library, I get an exception.
Could someone help me understand, why I cannot connect using WebLogic SSL
implementation?
To connect using JSSE I use following system properties:
java^
-classpath
.;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
r;..\lib\jsse.jar;^
-Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
CJSSEAdapter^
-Djavax.net.ssl.trustStore=abc.keystore^
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
where abcconnect-client.jar is the client jar file, and abc.keystore
contains getcacert.cer root CA, which I downloaded from Verisign from this
page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
works fine.
To connect using WebLogic SSL implementation I use following system
properties:
java^
-classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
-Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
-Dweblogic.webservice.client.ssl.strictcertchecking=false^
-Dweblogic.webservice.security.verbose=true^
-Dweblogic.webservice.client.verbose=true^
-Dbea.home=.^
-Djava.protocol.handler.pkgs=com.certicom.net.ssl^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
I converted binary format of the certificate to PEM, but it did not help.
I am getting this exception:
[BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[BaseWLSSLAdapter] : Strict cert checking disabled by default
[BaseWLSSLAdapter] : Trusted certificates will be loaded from getcacert.cer
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@73a7ab
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@4faf8
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@57c2bd
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@323210
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Got new socketfactory
javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
[WLSSLAdapter] :
openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
returning
weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
bservice/ABCConnectService?WSDL
[WLSSLAdapter] : -- using HostnameVerifier
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[WLSSLAdapter] : -- loaded certs from getcacert.cer
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust
failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
known Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
nknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at
com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at
com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
Source)
at
weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
onnection.java:216)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:71)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
106)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
82)
at
weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
at Client.main(Client.java:136)Michael,
I guess the getcacert.cer, which is on the client side, should have the
server's certificate followed by the root CA certificate in .pem format.
I have it working with this format.
Could you please try this out and let us know.
Regards,
Anurag
"Michael Jouravlev" <[email protected]> wrote in message
news:[email protected]...
Hello!
I installed Verisign test certificate on my server and I am able toconnect
to the server using Web Service client with JSSE adapter class. Funnily
enough, I cannot connect using WebLogic SSL library, I get an exception.
Could someone help me understand, why I cannot connect using WebLogic SSL
implementation?
To connect using JSSE I use following system properties:
java^
-classpath
.;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
r;..\lib\jsse.jar;^
-Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
CJSSEAdapter^
-Djavax.net.ssl.trustStore=abc.keystore^
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
where abcconnect-client.jar is the client jar file, and abc.keystore
contains getcacert.cer root CA, which I downloaded from Verisign from this
page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
works fine.
To connect using WebLogic SSL implementation I use following system
properties:
java^
-classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
-Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
-Dweblogic.webservice.client.ssl.strictcertchecking=false^
-Dweblogic.webservice.security.verbose=true^
-Dweblogic.webservice.client.verbose=true^
-Dbea.home=.^
-Djava.protocol.handler.pkgs=com.certicom.net.ssl^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
I converted binary format of the certificate to PEM, but it did not help.
I am getting this exception:
[BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[BaseWLSSLAdapter] : Strict cert checking disabled by default
[BaseWLSSLAdapter] : Trusted certificates will be loaded fromgetcacert.cer
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@73a7ab
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@4faf8
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@57c2bd
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@323210
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Got new socketfactory
javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
[WLSSLAdapter] :
openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
returning
weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
bservice/ABCConnectService?WSDL
[WLSSLAdapter] : -- using HostnameVerifier
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[WLSSLAdapter] : -- loaded certs from getcacert.cer
java.io.IOException: Write Channel Closed, possible SSL handshaking ortrust
failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(UnknownSource)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
known Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
nknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at
com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at
com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
Source)
at
weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
onnection.java:216)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:71)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
106)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
82)
at
weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
at Client.main(Client.java:136) -
EPMA Dimension server won't start using SSL enabled Database
Has anyone had any luck configuring EPMA 11.1.2.2 or 11.1.2.1 EPMA Dimension server with a JDBC SSL connection? I am using the following url to configure my SSL-enabled database:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=slc00qox)(PORT=1529))(CONNECT_DATA=(SERVICE_NAME=slc00qox.us.oracle.com)))
and the Dimension server won't start. Other Foundation, Essbase and Reporting repository connections work with same URL. Getting an error in Event Log:
Service cannot be started. Hyperion.DimensionServer.Interface.Exceptions.EPMAServiceException: Cannot initialize the Session Manager. ---> Hyperion.CommonServices.Exceptions.SessionManagerException: Session Manager could not start because database connectivity could not be established. ---> Oracle.DataAccess.Client.OracleException ORA-12537: TNS:connection closed at Hyperion.DimensionServer.SessionManager.SessionManager.InitializeSqlConnectionString()
--- End of inner exception stack trace ---
at Hyperion.DimensionServer.SessionManager.SessionManager.InitializeSqlConnectionString()
at Hyperion.DimensionServer.SessionManager.SessionManager.Initialize(String configFileName, Boolean restorePastInstanceSessions, Boolean enableCaching)
--- End of inner exception stack trace ---
at Hyperion.DimensionServer.Service.Main.InitializeSessionManager()
at Hyperion.DimensionServer.Service.Main.Start()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
AND
[EPMA Server Startup] ERROR SVR_ERR_PROCESSMGR_CANT_INIT_SESSIONMGR:Cannot initialize the Session Manager.Hyperion.DimensionServer.Interface.Exceptions.EPMAServiceException: Cannot initialize the Session Manager. ---> Hyperion.CommonServices.Exceptions.SessionManagerException: Session Manager could not start because database connectivity could not be established. ---> Oracle.DataAccess.Client.OracleException ORA-12537: TNS:connection closed at Hyperion.DimensionServer.SessionManager.SessionManager.InitializeSqlConnectionString()
--- End of inner exception stack trace ---
at Hyperion.DimensionServer.SessionManager.SessionManager.InitializeSqlConnectionString()
at Hyperion.DimensionServer.SessionManager.SessionManager.Initialize(String configFileName, Boolean restorePastInstanceSessions, Boolean enableCaching)
--- End of inner exception stack trace ---
at Hyperion.DimensionServer.Service.Main.InitializeSessionManager()
at Hyperion.DimensionServer.Service.Main.Start()As you have backup you can try this:
Restore your master database backup to another instance of SQL Server and in the "To
database:" section of the Restore Database dialog box, use an alternate database name such as "recover_master" to avoid conflict with the master database on this instance of SQL Server. This will cause the mdf/ldf to be named "recover_master.mdf"
and "recover_master_1.ldf". Then detach the
recover_master database, go into the file system, copy the recover_master.mdf and recover_master_1.ldf to the instance of SQL Server with the corrupt master database. Delete the corrupt master.mdf and mastlog.ldf files, rename recover_master.mdf to master.mdf,
and rename recover_master_1.ldf to mastlog.ldf. Now you're ready to try starting the SQL Server service again!
http://blogs.technet.com/b/fort_sql/archive/2011/02/01/the-easiest-way-to-rebuild-the-sql-server-master-database.aspx
Once master is online you can restore other database.
Maybe you are looking for
-
Problems with display of preview - and Adobe's tech support.
Hello, all. After quite a bit of struggle I am still experiencing problems with the way Bridge CS5 displays previews. Previews are displayed with rather low quality. By that I mean low resolution that causes images to appear pixelated and out of focu
-
Help filling out PDF - How can I get text to fit in text boxes?
I need to fill out an application that is in the PDF format. When I filled it out, there were a few text boxes where the text did not wrap around. In other words, some of the text doesn't show. There is not enough space for what I typed. When I print
-
Java 6 Compiler issue with Windows 7
Hi, Sorry for the newbie question. I am very new to Java and am currently reading Sams Teach Yourself Java 6 and am having a problem with the JDK 6 compiler. I wrote the beginner program "Hello Username" to test if the compiler is working and am gett
-
Kindly let me know in which resolution should i convert video for Nokia 5800 so that it can be viewed perfectly. e.g.: 320 x 240, 320 x 480, 320 x 200, 240 x 180. Also audio quality in what Kbps ? shouls i keep while converting. I had converted 1 vid
-
Photos become pixelated when moved to new photo album?
If I create a new photo album and select photos from camera roll or photo stream, once moved, they become pixelated in both locations. Help?