Importing updated certificate into Wallet Manager on Oracle 904

I have a certificate currently installed on our Oracle Application server that is about to expire. I went to our certificate provider and renewed the certificate for another year. I got the new certificate file and have copied it to the folder.
I open up wallet manager and open the correct wallet. I see the certificate for the site and it shows it is about to expire. I went to import the new file but I am being told that I cannot import it because:
1. Input was not a valid certificate
2. No matching certificate request found
3. CA does not exist
It is not 1. because I can pull it in as a trusted certificate and see all of the information is good. Since it is the same CA I am guessing that this is good. That leaves the no matching certificate request. Why is it looking for a certificate request? Can you not just perform the upgrade? If so, how do I do this?
Thanks much
Dave

Weird. I was logged in as myself and could not do anything to the user certificate. I logged in as administrator, the account that added the certificate, and was able to remove the certificate (I exported the cert first). I tried to apply the new, updated one to get all the same errors. I said screw it and tried to reimport the certificate I exported and the new dates showed up. I do not understand why, but everything now appears to be working.
Thanks to all who read and may be interested.

Similar Messages

  • Can't import user certificate in wallet manager EBS 12

    Hi there.
    I'm trying to configure my EBS 12 with SSL and I'm following the instructions described in metalink note number 376700.1
    Everything went well until I tried to import the user certificate issued by VeriSign. When I try to do that, the following error occurs: user certificate import has failed because the ca certificate does not exist.
    I created the request certificate, I submitted it to VeriSign, got my free trial certificate and when I try to import it, the error happens.
    Got any suggestions on how to overcome this problem?
    Regards,
    Ricardo Vilhena

    Ricardo,
    There is one reported issue with the test CA Root: it is saved in DER encoding, but OWM expects BASE64 encoding. Please refer to the following note for the suggested solution.
    Note: 228638.1 - How to configure SSL Communication between SSO Server and OiD in 9iAS Release 2
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=228638.1
    If the above does not help, then please review the following:
    Note: 300723.1 - OWM Import User Certificate Key Error
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=300723.1

  • Import a certificate into Sun/Java/Deployment/security/trusted.clientcerts

    Hi I'm trying to make a java applet, it has to add a certificate in the Keystore Sun/Java/Deployment/security/trusted.clientcerts.
    The problem is that to store, I have to enter a password. I enter "".toCharArray() but when I try to view the certificates, it does not appear in the java control panel.
    And when I try to import a certificate from the java control panel, it throws the following error: "keystore was tampered with or password was incorrect".
    Code:
    private void guardarKeyStore(KeyStore ks) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        // Overwrites the per-user deployment keystore under %APPDATA%
        FileOutputStream out = new FileOutputStream(System.getenv("APPDATA").replace("\\", "/") + "/Sun/Java/Deployment/security/trusted.clientcerts");
        ks.setCertificateEntry("someAlias", decodeCertificate(somebase64));
        // The store is written with an empty password
        ks.store(out, "".toCharArray());
        out.close();
    }

    Francisco26 wrote:
    I Want to insert a certificate into trusted.clientcerts via java applet.
    This certificate has to appear in the java control panel. (Security->Certificates->user->client authentication)
    Why that? Because I need to do an applet that downloads a certificate response from a request to a CA.

    Which to paraphrase EJP is undesirable, insecure and untrustworthy. What you are asking would allow an untrustworthy site to declare itself trustworthy.

  • How can I import personal certificates into firefox that are not pkcs12 files (.cer or other)?

    I am trying to import a .cer personal certificate into Mozilla so I can go to a secure site (bank account online) but cannot do it since it is not a pkcs12 type of file. Can you help me?

    I tried that, but when I try to import them into Mozilla all it wants are pkcs12 files. It does not accept any other.

  • Automatically Import Updated Files Into Premiere CC

    We are working on a feature animated film and the studio doing our compositing work is sending us updated hook-ups of each shot after every render.  We are then importing those shots into bins labeled with the appropriate sequence numbers into the Premiere Pro CC project panel.  It has proven to be very time consuming to manually update all of the shots in each folder and we're wondering if someone knows of an easier method or possibly a script that could automatically ingest the new files we receive and organize them into the respected folders as they're delivered to us?  This would be a huge time-saver.
    Running Premiere Pro CC 7.0
    Recent updates have been installed
    Working on a Mac Mini OSX v10.8.5.
    Mostly editing with Quicktime lo-res pre-renders using the Photo-JPEG codec

    This wouldn't really help because it's not just a matter of replacing the older files with the newer ones.  In every folder we are getting brand new files with new names and potentially new lengths.  Therefore it would be ideal if there was some plug-in or a script that could automatically detect any new files in the linked folders and automatically import them into Premiere.  This is a huge project with animated shots in many different stages of completion and it's extremely time-consuming to pick through these new shots and manually drag them into premiere each time.  If Premiere doesn't have a way of doing this, I feel like this could be a good feature request.

  • Important Updates for Illustrator, Extension Manager, and Photoshop - Failure to Install

    I have been trying to update my Illustrator, Extension Manager, and Photoshop.
    I have tried about five times using different methods.
    Each time I received the following error message:
    AI CS6 Creative Cloud Update
    Installation failed. Error Code: U44M1P7 
    Adobe Extension Manager CS6
    Update Installation failed. Error Code: U44M1P7 
    Adobe Photoshop 13.0.1.1
    Installation failed. Error Code: U44M1P7
    I need some guidance in order to have the updates installed.
    Thanks
    Paul

    Whilst this may prove to be the only way to install the updates, it reads as though it only takes a few minutes to complete but as others have reported it's a real pain to have to go all through a clean up and then full installation particularly if you have a number of plugins to re-install / activate! Not the best solution and I would have hoped Adobe could have come up with a better solution. As it is I will not be going through the update and will set the application manager to manual rather than have the icon constantly on displayed in the taskbar expecting to update what doesn't work.

  • How to update certificate into ACE

    I need to upload a cert file (.pem) received from the CA and am getting the below error message:
    LB1#   crypto import terminal wwwtest.domain.com
    Please enter PEM formatted data. End with "quit" on a new line.
    -----BEGIN CERTIFICATE-----MIIG3zCCBcegDb2x1bWJpYTEQMA4GA1UEBxQHQnVybmFieTEiMCAGA1UEChQZUklUQ0hJRSBCUk9TLiBBVUNwY
    =-----END CERTIFICATE-----quit
    input string too long
    Error: File not of recognized types - PEM, DER or PKCS12, import failed.
    ACE version: version A5(1.1)
    can someone provide proper procedure to upload/install certificate?
    Appreciated.

    Hi,
    Please go to the below link:
    https://www.sslshopper.com/ssl-converter.html
    Convert your file that you have received from your CA into PEM format and try importing from terminal again and see if that resolves the issue.
    The error indicates that CA file format is different than supported by ACE. The certificate should be in PEM format.
    Regards,
    Kanwal
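
Added example, not part of either forum reply or of any vendor tooling: the OWM reply further up (a DER file where BASE64 is expected) and this ACE thread (PEM pasted at a terminal) both turn on the certificate's container encoding. The Python sketch below classifies input as DER, well-formed PEM or malformed PEM and rewrites it as PEM with the markers on their own lines and the base64 wrapped at 64 characters (RFC 7468). The function names and sample bytes are constructed for illustration, and only the container is checked, not the X.509 contents.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)

# Constructed placeholder: a DER SEQUENCE header (0x30, long-form length 200)
# followed by 200 filler bytes. It is NOT a real certificate.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))


def der_length_ok(der: bytes) -> bool:
    """True if the input is one DER SEQUENCE whose length field spans all of it."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, body = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body == len(der)


def encode_pem(der: bytes) -> str:
    """Serialize DER as PEM: markers on their own lines, base64 in 64-char lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


def extract_der(data: bytes):
    """Return (der_bytes_or_None, kind); kind is pem, pem-malformed, der or unknown."""
    text = data.decode("latin-1")         # latin-1 never fails on binary input
    match = PEM_RE.search(text)
    if match:
        body = "".join(match.group(1).split())   # drop all whitespace/newlines
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error:
            return None, "unknown"
        if not der_length_ok(der):
            return None, "unknown"
        # Well-formed means byte-for-byte equal to the canonical layout
        # (ignoring CRLF and surrounding blank space); trailing text such as
        # a terminal's "quit" or fused markers make it malformed.
        tidy = text.replace("\r\n", "\n").strip() == encode_pem(der).strip()
        return der, "pem" if tidy else "pem-malformed"
    if der_length_ok(data):
        return data, "der"
    return None, "unknown"


def classify(data: bytes) -> str:
    return extract_der(data)[1]


def to_pem(data: bytes) -> str:
    """Normalize DER or sloppy PEM into canonical PEM; reject anything else."""
    der, _kind = extract_der(data)
    if der is None:
        raise ValueError("input is neither a PEM nor a DER certificate container")
    return encode_pem(der)


if __name__ == "__main__":
    pem = to_pem(SAMPLE_DER)
    fused = pem.replace("\n", "") + "quit"   # markers and body on one line
    print(classify(SAMPLE_DER), classify(pem.encode()), classify(fused.encode()))
    print(to_pem(fused.encode()), end="")
```
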

  • How to import the certificate into the credential store

    When SSL is configured everywhere in the Environment:
    The components present are:
    1)oc4j Web Server(machine 1)
    2)Presentation Services(machine 1)
    3)oc4j Web Server for Publisher(machine 2)
    4)Publisher(machine 2)
    5)BI Server(machine 2)
    The Pres Server and the BI Server is all set in Place.
    But I am trying to configure Publisher currently in the environment.
    As a part of the deployment
    ■ “Exporting the Web Server Certificate to the truststore”
    At the end of this step it is referred to as the following...
    "Import the exported web server certificate to the BI Presentation Services Credential Store. The
    credential store of each instance of BI Presentation Services in your deployment must contain
    this certificate."
    May I know how can we do this...?
    ■ “Modifying the AdvancedReporting tag in instanceconfig.xml”
    ■ “Modifying BI Publisher Settings”
    The doc used is : Link:http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b40058.pdf
    Thanx
    KK

    Did you find an answer to this post?

  • How can I Import CA Certificate into a new user profile when it's created

    I need to deploy a CA Root Certificate to a new firefox user profile when it is created in windows. I saw somewhere that you could place a working copy of cert8.db in %programfiles%\firefox-installation-folder\defaults\profile and this would get added when a new firefox profile is created. However, the profile directory doesn't exist in the defaults folder and when I created it this method still didn't work.
    Is there a way to get firefox to create new profiles with preconfigured Certificates?
    Right now when new users open firefox for first time it is unable to connect to any SSL sites through our proxy server until the user adds the proxies ca certificate or it gets added later via logon script (at next user logon).

    Update... For anyone looking for a similar solution:
    I ended up adding more to my logon script I have it check for a user's mozilla profile first and if not found it will use command line "firefox.exe -createprofile default" to make one. After that I just copy a working cert8.db to that new profile. Then when the user opens firefox for first time, it will detect this new profile, and it will load it along with the correct CA Certs intact...
    Also, for existing profiles my script just uses nss certutil to add my proxy CA Certificate to the user's profile cert8.db.

  • Oracle Wallet Manager and PKCS#12

    HI,
    Is the Oracle Wallet Manager able to import a user certificate with the format PKCS#12?
    If so, from which version of the Oracle Manager and how do I do this?
    Thanks
    Arny van der Deijl
    Oracle Netherlands

    Hi Arny:
    Yes, we can use wallet manager to import PKCS#12 certificates.
    This is certified with 9i release 1 and later.
    There are several places where you can get details about importing user certificates with wallet manager.
    First look at the Oracle Advanced Security Admin Guide chapters 15, 16, and 17 but chapter 16 has the most information
    about wallet manager.
    Here's a link to the guide:
    http://otn.oracle.com/docs/products/oracle9i/doc_library/901_doc/network.901/a90150/toc.htm
    Also, the OID admin guide has good information about wallet manager as it relates to OID. Appendix D of the OID admin
    guide is a good place to start.
    Here is a link to the OID Admin Guide:
    http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/manage.902/a95192/toc.htm
    Hope this helps,
    Jay

  • Importing Certificate in Oracle Wallet Manager fails

    Hi,
    We are using Oracle Application Server 10g Release 2. When I try to import a certificate issued by a certificate authority, (using Operations > Import User Certificate), the wallet returns the following error:
    User certificate installation failed.
    Possible errors:
    - Input was not a valid certificate
    - No matching certificate request was found
    - CA certificate needed for certificate chain not found. Please install it first
    The certificate is obtained after raising a Certificate Request from the wallet manager. But I am not sure whether we have saved the wallet after raising the certificate request.
    Now I have the certificate issued by the CA. Is there any way that I can import this certificate? What is the possible solution?
    Thanks & Regards,
    Rafeek.

    Did you import the CA certificate as a trusted certificate before importing the user certificate? If not, import the CA cert first. To make sure you have saved the certificate request, please open the wallet and see if it exists. Hope this helps.
    Rgds,Ramesh

  • Help requested with Importing a website's CA certificate into my Java App

    Hello everyone,
    First of all, I'm not sure if this is the right category for my question, so if not please move it appropriately.
    I'm creating a desktop application that will update your IPv4 address to Tunnelbroker (Hurricane Electric's IPv6 tunnel service). Right now it's about 76% complete, and I'm testing it out. My problem is this: Tunnelbroker uses their own CA Certificate (SSL) for their https:// connection, and it's not valid in Java/Netbeans. So, whenever I try to update the IPv4 address, I get the following:
    Can't read from the Internet: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
    The website is https://ipv4.tunnelbroker.net (so you can verify that it's a valid site/certificate).
    I've found workarounds for importing my OWN CA Certificate into the application (or Netbeans), but nothing about importing a valid third-party CA Certificate into the application (or Netbeans). I've posted this question to the Netbeans forums--but have yet to receive anything from them. Also, I've found workarounds for trusting all certificates (although I'm not sure how to implement that into my application).
    What I'm looking for is either a) how to import the certificate into my application, so the user won't have to deal with it b) a workaround to bypass the security check c) any other method of getting over this hurdle.
    I'd say I'm an intermediate developer, so pointing me to something like "Adding a Certificate Exception" is fine, except that I need to know whether I can take everything inside of the main method and put it as it's own method somewhere (or do I need to create an entire class for that portion).
    Also, I don't necessarily want to use the "Trust All Certificates" method. Even though the end-user won't be able to change the site, I don't want to create that much of a security hole.
    Thank you for any assistance in this. (As an aside note, this will enable me to finally mark another "open" question as answered, as I haven't been able to test it yet because of this issue).
    Have a great day:)
    Patrick.

    EJP wrote:
    1. It should be in the directory of the JRE, not the JDK. The end user won't have one.
    2. Dunno, I would think so.
    3. This is a step for the end user to perform, not you. You don't want to be telling the end user who to trust, for all kinds of legal liability reasons. You want him to decide.
    Hello again.
    I have an update to this. I found out that the domain tunnelbroker.net is in my cacerts (at least if I run a small program to test the SSL Certificate for the site), however since it doesn't list ipv4.tunnelbroker.net as an alternative (that I can see), this is why I'm getting the SSL HandshakeException error.
    Here is the script that I ran (compiled and then used java -Djavax.net.debug=all TestSSL https://ipv4.tunnelbroker.net to run it).
    import java.io.BufferedReader;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.net.URLConnection;

    /**
     * @author Daryl Banttari
     */
    public class TestSSL {
        public static void main(String[] args) {
            // default url:
            String urlString = "https://www.paypal.com/";
            // if any url specified, use that instead:
            if (args.length > 0) {
                urlString = args[0];
            }
            System.out.println("Connecting to " + urlString + "...");
            try {
                // convert user string to URL object
                URL url = new URL(urlString);
                // connect! (the TLS handshake and hostname check happen here)
                URLConnection cnx = url.openConnection();
                cnx.connect();
                // read the page returned
                InputStream ins = cnx.getInputStream();
                BufferedReader in = new BufferedReader(new InputStreamReader(ins));
                String curline;
                while ((curline = in.readLine()) != null) {
                    System.out.println(curline);
                }
                // close the connection
                ins.close();
            } catch (Throwable t) {
                t.printStackTrace();
            }
        }
    }
    And here are the results of the complete debugging ***** WARNING there's a lot here ****
    Connecting to https://ipv4.tunnelbroker.net...
    keyStore is :
    keyStore type is : jks
    keyStore provider is :
    init keystore
    init keymanager of type SunX509
    trustStore is: /usr/lib/jvm/java-6-openjdk/jre/lib/security/jssecacerts
    trustStore type is : jks
    trustStore provider is :
    init truststore
    < ... Snipped to conserve space... >
    adding as trusted cert:
    Subject: OU=RSA Security 1024 V3, O=RSA Security Inc
    Issuer: OU=RSA Security 1024 V3, O=RSA Security Inc
    Algorithm: RSA; Serial number: 0xa0101010000027c0000000b00000002
    Valid from Thu Feb 22 15:01:49 CST 2001 until Sun Feb 22 14:01:49 CST 2026
    adding as trusted cert:
    Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
    Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
    Algorithm: RSA; Serial number: 0xbc201a57ebb49897
    Valid from Tue Jul 10 20:35:31 CDT 2007 until Fri Jul 07 20:35:31 CDT 2017
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
    Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
    adding as trusted cert:
    Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Algorithm: RSA; Serial number: 0x1
    Valid from Tue May 30 05:38:31 CDT 2000 until Sat May 30 05:38:31 CDT 2020
    adding as trusted cert:
    Subject: CN=CC Signet - PCA Klasa 2, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
    Issuer: CN=CC Signet - RootCA, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
    Algorithm: RSA; Serial number: 0x3cbede10
    Valid from Thu Apr 18 09:54:08 CDT 2002 until Mon Sep 21 10:42:19 CDT 2026
    < ... Snipped to conserve space... >
    trigger seeding of SecureRandom
    done seeding SecureRandom
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1286668278 bytes = { 67, 34, 247, 171, 23, 198, 239, 55, 170, 174, 198, 240, 212, 155, 66, 209, 111, 146, 87, 177, 42, 3, 70, 62, 239, 10, 223, 89 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    Compression Methods: { 0 }
    Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
    Extension ec_point_formats, formats: [uncompressed]
    [write] MD5 and SHA1 hashes: len = 177
    main, WRITE: TLSv1 Handshake, length = 177
    [write] MD5 and SHA1 hashes: len = 173
    main, WRITE: SSLv2 client hello message, length = 173
    [Raw write]: length = 175
    [Raw read]: length = 5
    0000: 16 03 01 00 4A ....J
    [Raw read]: length = 74
    main, READ: TLSv1 Handshake, length = 74
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1286668279 bytes = { 139, 214, 225, 90, 66, 187, 209, 102, 61, 206, 214, 127, 65, 85, 39, 88, 162, 1, 53, 255, 208, 234, 207, 26, 74, 4, 177, 213 }
    Session ID: {89, 242, 19, 161, 3, 178, 31, 57, 88, 84, 187, 218, 194, 76, 244, 187, 23, 84, 240, 215, 19, 93, 176, 35, 237, 63, 49, 125, 232, 186, 89, 98}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    Warning: No renegotiation indication extension in ServerHello
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    [read] MD5 and SHA1 hashes: len = 74
    [Raw read]: length = 5
    0000: 16 03 01 02 BF .....
    [Raw read]: length = 703
    main, READ: TLSv1 Handshake, length = 703
    *** Certificate chain
    chain [0] = [
    Version: V1
    Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: Sun RSA public key, 1024 bits
    modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
    public exponent: 65537
    Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
                   To: Fri Jul 07 20:35:31 CDT 2017]
    Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
    SerialNumber: [    bc201a57 ebb49897]
    Algorithm: [MD5withRSA]
    Signature:
    Found trusted certificate:
    Version: V1
    Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: Sun RSA public key, 1024 bits
    modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
    public exponent: 65537
    Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
                   To: Fri Jul 07 20:35:31 CDT 2017]
    Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
    SerialNumber: [    bc201a57 ebb49897]
    Algorithm: [MD5withRSA]
    Signature:
    main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
    main, WRITE: TLSv1 Alert, length = 2
    [Raw write]: length = 7
    0000: 15 03 01 00 02 02 2E .......
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
         at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258)
         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252)
         at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
         at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
         at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
         at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
         at TestSSL.main(TestSSL.java:33)
    Caused by: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
         at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:225)
         at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
         at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:285)
         at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:271)
         at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
         ... 11 more
    {quote}
    So, now I'm trying to figure out how to get past this. Unless (and until) Tunnelbroker includes the alternative name in their certificate (or if it's included already, until I figure out how to get that alternative imported into my truststore), I'm never going to be able to update via java.
    Have a great day:)
    Patrick.

  • Login error in Portal after importing a new certificate into BI

    Hi Experts,
    Our certificate in BI expired last month and we were unable to login to the BEx reports due to this.
    I have created a new certificate using Visual Administrator and imported that certificate into BI using STRUSTSSO2 after deleting the old certificate from the system PSE.
    After which I have added this new certificate to the ACL for Single Sign On.
    Then rebooted the JAVA stack for the changes to take effect.
    Now, when I want to login to view reports on the Portal created by BEx Analyzer, I am getting this RFC_ERROR_LOGON_FAILURE exception.
    When checked in SM50, it shows SsfVerify failed and SSF_API_NOCERTIFICATE errors.
    Please help me out resolving this. Did I miss out on any of the steps?
    Also when I ran the report, RSPOR_SETUP, the step 5 shows SID_certificate.crt is not existing and the step 12 shows that BI certificate not imported, SAP BI User is not mapped to SAP EP User.
    Regards,

    Hi,
    Have a look at this [thread|The URL http://xxx was not called due to an error; as well as the [Wiki Link|http://wiki.sdn.sap.com/wiki/display/BSP/Logon].
    Hope this will be helpful for you.
    Regards,
    Varadharajan M

  • Importing a certificate that wasn't created within jes into jes4 messaging

    Hi,
    We want to enable imap over ssl into jes4, so we tried to re-use a wildcard certificate that we received from globalsign.
    This certificate was generated using openssl on another server. We received a file from globalsign in the .pem format.
    Now, we tried to import this certificate into our jes5 messaging server via the ldap console.
    We got an error stating:
    "Either this certificate is for another server, or this certificate was not requested using this server" (the latter suggestion applies in our case).
    Is there a possibility somehow to import this certificate, or is this technically not possible?
    kind regards,
    Tom

    Importing certificates not generated/requested by msgcert/admin console has been discussed in other forums:
    e.g.
    http://forum.java.sun.com/thread.jspa?threadID=5018886&messageID=9224268
    Regards,
    Shane.

  • SSL + Wallet Manager

    Hi All,
    I am trying to configure SSL on my application. I am using OHS11g. I got the certificate from CA. I downloaded the rootCA, primary and secondary Intermediate certificates. I have imported the rootCA first. When I try to import the Primary CA, I get an error like "Trusted Certificate Installation Failed", possible errors: "Some trusted Certificates could not be installed" and "Trusted certificate is already present in the wallet". Then when I try to import the user certificate, it gives the error "user certificate import has failed because the ca certificate does not exist". I tried some combinations, like removing the rootCA and importing the PrimaryCA. Then I also get the same error.
    Please let me know a solution for this.
    Thanks,
    Manikandan

    Different animal, I have notes : (Older, but I think OK)
    Oracle 10G SSL Configuration
    There are three major steps needed to configure SSL in OracleAS 10g:
    I. Create an Oracle Wallet which contains an SSL Certificate.
    II. Configure httpd.conf directives to enable SSL with OHS.
    III. Configure the opmn.xml to enable Oracle Application Server 10G to allow SSL with OHS.
    STEP I: Configuring Oracle Wallet Manager (OWM)
    =========================================================================
    1.     Start Oracle Wallet Manager from the OracleAS 10g $ORACLE_HOME.
    Note: If you wish to use AutoLogin features you must start OWM as
    the user owning the httpd parent process.
    To start Oracle Wallet Manager:
    On Windows: select Start -> Programs -> OracleAS 10g - ORACLE_HOME -> Integrated Management Tools -> Wallet Manager
    On UNIX: enter "owm" at the command line.
    2. Create an Oracle Wallet which contains a SSL Certificate:
    - Select Wallet -> New
    - Enter a password for the wallet (e.g Welcome1)
    - Create a Certificate Request.
    - Enter the details for the request. For example:
    Common Name:          <host.domain>
    Organizational Unit:          Support
    Organization:           Oracle
    Location:               Reading
    State:               Berkshire
    Country:               United Kingdom
    Key Size:               1024bits
    * Common Name has to match the host.domain that the webserver is known as. This is the ServerName parameter in the httpd.conf file and the host.domain that users will access from the browser URL.
    - Click OK.
    - Click 'Certificate:[Requested]' and select from the Menu 'Operations' and 'Export Certificate Request'
    - Save to a file (e.g server.csr)
    - Select Wallet -> Save
    - Save to a directory e.g /tmp/wallet/
    - Open the file in a text editor and copy the contents of the certificate signing request.
    An example is shown below:
    -----BEGIN NEW CERTIFICATE REQUEST-----
    -----END NEW CERTIFICATE REQUEST-----
    3. Request a Certificate from a Certificate Authority.
    For the purposes of this note it is assumed you have OracleAS 10g Oracle Certificate Authority configured within your organization. (NB: If you want to use another CA then follow the next section then proceed on to Step II in this document.)
    =======================================================================
    Request a Certificate from a Certificate Authority:
    - Load a web browser and go to a Certificate Authority website of your choice.
    The examples below are from www.thawte.com:
    - Click on 'request your free trial'.
    - Fill in the necessary name and address details etc. and 'Submit'.
    - Paste in the certificate request into the box under the 'Certificate Signing Request' Section.
    - Select "Test X509v3 SSL Cert" and hit "Generate Test Certificate"
    - Once submitted the Trial Certificate will appear on screen similar to below:
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    - Copy the certificate to a file called server.crt
    - Get the Trusted CA Root certificate by accessing:
    https://www.thawte.com/roots/index.html
    - Copy the certificate that appears on the screen to a file called servertest.crt
    - Ftp or move the files to a directory on your server
    - In Wallet Manager select Operations -> Import User Certificate.
    - It will then ask you if you want to Paste the certificate or load from a file. Choose 'Select a file that contains a certificate'.
    - Select the file server.crt and hit OK.
    - At this point, the Wallet Manager may complain that the Trusted CA Root Certificate does not exist in the wallet. It will ask if you want to import it now. Select Yes. See Below
    - Select 'Select a file that contains a certificate' and select the servertest.crt file.
    - If this completes successfully you should see Certificate:[Ready] and the Thawte Test CA Root will appear in the list of trusted certificates.
    - If you desire Oracle HTTP Server to AutoLogin to the Wallet, then select AutoLogin. (Wallet Manager must have been started as the owner of the httpd parent process for this to work).
    - From the menu, File -> Save
    Save the Wallet in a directory where the 9iAS user has permission to access
    * If you generated your test certificate via www.verisign.com there is an additional step required if OWM is not accepting the Trusted CA Root Certificate. The step is as follows:
    In OWM, at the point of message "User certificate import has failed because the CA certificate does not exist". You are expected to import the CA certificate. For Verisign, that would be the 'Test CA Root' for the Trial version. Verisign's email has instructions on how to download the Test CA Root. One problem with the Test CA Root is that it is saved as DER encoding, but OWM expects BASE64 encoding.
    Please do following, using Internet Explorer 5.X as example.
    1. Following Verisign instructions and install Test CA Root certification into IE.
    2. Export 'Test CA Root' from IE in BASE64 format Tools -> Internet Options -> Contents -> Certificates -> Trusted Root Certificate Authorities
    Select CA issued by Verisign with following Description in 'Issued to' column
    "For Verisign authorized testing only ....."
    Export -> Next -> select Base-64 encoded X.509(.cer)
    The file saved must be accessible to OWM
    3. When prompted to load 'CA certificate ', provide the Base64 encoded file. Then, continue where you left off when OWM did not accept your Trusted CA Root Certificate.
    Access the URL from which the OCA install resides (e.g. https://host.domain:4400/oca/user)
    - Note, the first time you access this site from a browser, the browser will inform you that the certificate is not trusted. Depending on your environment the following is required:
    On Windows using IE (tested with 5.5), accept the certificate for the session and then once the OCA page has been loaded, select 'click here to import the certificate authority certificate into your browser'. This will prompt you to download and install a file called certImport.cer. Double click on this file and then select “Install Certificate” to launch the Certificate Import Wizard.
    From there, follow the wizard to successfully import the certificate into the browser. The certificate can then be managed by going to Tools -> Internet Options -> Content -> Certificates.
    On Unix using Mozilla (tested with 1.0.1), select the option to Remember this certificate permanently and once the OCA page has been loaded, select 'click here to import the certificate authority certificate into your browser'. A dialog box will then prompt to trust host? for the following purposes:
    - Trust this CA to identify web sites.
    - Trust this CA to identify email users.
    - Trust this CA to identify software developers.
    Once one or more of these options are selected, the certificate has been imported and can be found under:
    Edit -> Preferences -> Privacy and Security -> Certificates -> Manage Certificates -> Authorities -> Certificate Name is Oracle Corporation.
    On Unix or Windows, using Netscape (tested with 6.0), a dialog box will prompt you with the following options:
    - Accept this certificate permanently.
    - Accept this certificate temporarily for this session.
    - Do not accept this certificate and do not connect to this web site.
    As long as the third option is not selected the prompt will be eliminated. Once the OCA page has been loaded the option to select 'click here to import the certificate authority certificate into your browser' will bring up a pop-up prompting you to trust name? for the following purposes:
    - Trust this CA to identify web sites.
    - Trust this CA to identify email users.
    - Trust this CA to identify software developers.
    Once one or more of these options are selected, the certificate has been imported and can be found under:
    Edit -> Preferences -> Privacy and Security -> Certificates -> Manage Certificates? -> Authorities.
    - In the URL https://host.domain:4400/oca/user, click on the Server/SubCA Certificates
    - Click 'Request a Certificate'
    - Paste in the certificate request and fill in the form details. For example,
    PKCS#10 Request:
    -----BEGIN NEW CERTIFICATE REQUEST-----
    -----END NEW CERTIFICATE REQUEST-----
    Name: Fred Bloggs
    Email: [email protected]
    Certificate Usage: SSL/Encryption
    Validity Period: 1 year
    - Hit the 'Submit' button
    - A page will appear similar to the following:
    Information
    Your certificate request is accepted. Administrator will contact you for certificate issuance. Your request ID is "4". Please use this request ID for future reference.
    4. If you are not the Certificate Authority, then wait until the CA has contacted you to say the certificate is ready and then proceed on to step (5).
    If you are the Oracle Certificate Administrator then perform the following:
    - Access the OCA Administration page from which the OCA install resides (e.g. https://host.domain:4400/oca/admin)
    - Click on the 'Certificate Management' tab
    - Here you will see the Certificate Requests awaiting action.
    - Select the radio button for "Request ID" 4. Select 'View Details'
    - This will bring up a page similar to the following:
    Certificate Request Information
    Status : PENDING
    Certificate Type : server
    Certificate Usage : SSL, Encryption
    Serial Number : 4
    Subject DN : CN=midtier.uk.oracle.com,OU=dept1,O=company1,L=Reading,ST=Berkshire,C=GB
    Request Date : Tue Sep 16 14:17:15 BST 2003
    Algorithm : RSA
    Exponent : 65537
    Subject(Requestor) CN=midtier.uk.oracle.com,OU=dept1,O=company1,L=Reading,ST=Berkshire,C=GB
    Validity Period: 365 days
    - Select 'Approve'
    - You will get a page similar to the following:
    Certificate Request is approved. The serial number of the issued certificate is "5". Requestor Name: Fred Bloggs Requestor Email: [email protected]
    5. Once the certificate has been approved, access the following URL:
    https://host.domain:4400/oca/user
    - Click on the 'Server/Sub CA Certificate' tab
    - Select "Search" -> "Certificate Request" -> "ID/Serial No."
    - Enter number 4 in the box, where 4 is the request ID number as per step 4) and select 'Go'
    - A page should be displayed similar to the following:
    Request ID      4
    User DN CN=midtier.uk.oracle.com,OU=dept1,O=company1,L=Reading,ST=Berkshire,C=GB
    Request Type      server
    Request Date      16 September 2003
    Status           Certified
    Serial Number      5
    As the status is certified we know the certificate has been issued and we can download it. Click on the Serial Number (e.g 5) and this will display a page with the base 64 certificate:
    BASE64-Encoded Certificate.
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    - Click on 'Download Certificate' and save to a file (e.g server.crt)
    - Select the 'Home' tab and then select 'click here to download the Certificate Authority certificate to your file system' and save to a file (e.g rootca.crt).
    This is the rootCA that has to be loaded in the wallet.
    6. Load the root CA and server certificate into the wallet.
    In Wallet Manager select Operations -> Import Trusted Certificate.
    - It will then ask you if you want to Paste the certificate or load from a file. Choose 'Select a file that contains a certificate'.
    - Select the file server.crt and select OK.
    - At this point, the Wallet Manager may complain that the Trusted CA Root Certificate does not exist in the wallet. It will ask if you want to import it now. Select Yes.
    - Locate 'Select a file that contains a certificate' and select the rootca.crt file.
    - If this completes successfully you should see Certificate:[Ready] and the Oracle Certificate Authority Root certificate will appear in the list of trusted certificates.
    - If you desire Oracle HTTP Server to AutoLogin to the Wallet, then select AutoLogin. (Oracle Wallet Manager must have been started as the owner of the httpd parent process in order for this to work).
    - From the menu, select File -> Save. Save the Wallet in a directory.
    Note : After Certificate has been signed :
    Import rootca.crt as trusted CERT.
    Import server.crt as user CERT.
    STEP II: Configuring Oracle HTTP Server (OHS)
    =========================================================================
    Starting in Oracle Application Server 10G, all SSL related directives are stored in $ORACLE_HOME/Apache/Apache/conf/ssl.conf.
    1. Please review the default directives in the ssl.conf file that relate to SSL by opening the file in a text editor and search on "SSL". If you have not already done so, please make a back up of this file. Do NOT hand edit this file without reading the precautions in the 10G Documentation. You should use the Enterprise Manager (EM) Application Server Control to modify this file:
    Farm > Application Server: sid.host.domain > HTTP Server > Administration Tab> Advanced Server Properties > Edit ssl.conf.
    2. For SSL to work, the SSL 'listen' port must match the "VirtualHost _default_" directive within the file. All other SSL parameters are set to the default, and you can modify at a later time, depending on your needs.
    ## SSL Support
    Listen 4446
    #4446 is the SSL port number.
    ## Further down in file:
    <VirtualHost _default_:4446>
    For the purposes of a basic SSL configuration, you should only need to change the following directives:
    SSLWallet
    SSLWalletPassword
    3. Change the SSLWallet directive to the path where you saved your wallet, i.e: SSLWallet file:/tmp/wallet
    - If you did not select AutoLogin, then you need to change the SSLWalletPassword to your clear text Wallet password by adding the following into your ssl.conf
    SSLWalletPassword <yourPassword>
    - If you wish to encrypt the SSLWalletPassword refer to the following:
    [NOTE:184677.1] - How to Use IASOBF to Encrypt a Wallet Password Within 9iAS Release 2.
    - Save the configuration
    - Run dcmctl updateconfig -ct ohs if you did not use EM Application Server Control and used a text editor to update the file.
    STEP III: Modifying opmn.xml to allow OHS with SSL
    =========================================================================
    By default, SSL is turned off in HTTP Server for Oracle Application Server 10G. In order for SSL to work you must update the opmn.xml file to re-enable SSL.
    1. Do NOT hand edit this file without reading the precautions in the 10G documentation. You should use the Enterprise Manager (EM) Application Server Control to modify this file: Farm > Application Server: sid.host.domain > Process Management.
    2. Edit the ORACLE_HOME/opmn/conf/opmn.xml and change ssl-disabled to ssl-enabled,
    e.g:
    <ias-component id="HTTP_Server">
      <process-type id="HTTP_Server" module-id="OHS">
        <module-data>
          <category id="start-parameters">
            <data id="start-mode" value="ssl-enabled"/>
          </category>
        </module-data>
        <process-set id="HTTP_Server" numprocs="1"/>
      </process-type>
    </ias-component>
    3. Save the changes
    4. Run dcmctl updateconfig -ct opmn if you did not use EM Application Server Control and used a text editor to update the file.
    5. Run opmnctl reload
    6. Restart the Oracle HTTP Server
    7. Test a URL to Oracle HTTP Server in SSL mode: https://<host.domain>:<port>
    Note : After the restart of the Oracle HTTP Server, if you can’t access the site in SSL mode, restart the entire opmn process by issuing:
    opmnctl stopall
    opmnctl startall
    Then retry.
    ##### For Forms, you must change the JPI download page to use https instead of http in the $ORACLE_HOME/forms/server/formsweb.cfg file otherwise you’ll get “Page contains both secure and non-secure items” warning.
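
The "CA certificate does not exist" import error and the DER versus Base64 issue described in the notes above can both be checked before opening Wallet Manager. The following is an added example, not part of the original posts and not Oracle code: it accepts either encoding, re-encodes to Base64, and walks the issuer chain to report which trusted certificates are present. The function names are hypothetical, names are matched by exact DER bytes only (no signature verification), and the sample certificates are constructed skeletons with no real keys.

```python
import base64
import re
import ssl

def tlv(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    start = pos + 2 + (first & 0x7F if first >= 0x80 else 0)
    length = int.from_bytes(buf[pos + 2:start], "big") if first >= 0x80 else first
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def load_der(data):
    """Accept a Base64 (PEM) or binary DER certificate; return DER bytes."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()))
    if data[:1] == b"\x30":  # a DER certificate starts with a SEQUENCE tag
        return data
    raise ValueError("not a Base64 or DER certificate")

def to_base64(data):
    """Re-encode a certificate as Base64 text with BEGIN/END CERTIFICATE lines."""
    return ssl.DER_cert_to_PEM_cert(load_der(data))

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of a certificate."""
    _, start, _ = read_tlv(der, 0)             # Certificate
    _, pos, tbs_end = read_tlv(der, start)     # TBSCertificate
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(der, pos)
        fields.append((tag, der[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:        # explicit version, absent in V1
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("not an X.509 certificate")
    return fields[2][1], fields[4][1]  # order: serial, alg, issuer, validity, subject

def chain_report(user_cert, trusted):
    """Return (trusted labels found in chain order, True if a self-signed root is reached)."""
    by_subject = {}
    for label, raw in trusted.items():
        issuer, subject = issuer_and_subject(load_der(raw))
        by_subject[subject] = (label, issuer)
    issuer, subject = issuer_and_subject(load_der(user_cert))
    path = []
    while issuer != subject:
        if issuer not in by_subject or len(path) > len(by_subject):
            return path, False                 # this issuer must be imported first
        label, next_issuer = by_subject[issuer]
        path.append(label)
        subject, issuer = issuer, next_issuer
    return path, True

def skeleton_cert(subject_cn, issuer_cn, v1=False):
    """Constructed sample: X.509 layout only, empty key and signature."""
    def name(cn):
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x13, cn.encode()))))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, b"260101000000Z"))
    tbs = tlv(0x30, (b"" if v1 else tlv(0xA0, tlv(0x02, b"\x02"))) + tlv(0x02, b"\x01")
              + alg + name(issuer_cn) + validity + name(subject_cn) + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    root = skeleton_cert("Example Root CA", "Example Root CA", v1=True)
    primary = skeleton_cert("Example Primary CA", "Example Root CA")
    secondary = skeleton_cert("Example Secondary CA", "Example Primary CA")
    server = skeleton_cert("host.domain", "Example Secondary CA")
    wallet = {"root": to_base64(root).encode(), "primary": primary}
    print(chain_report(server, wallet))                              # secondary missing
    print(chain_report(server, {**wallet, "secondary": secondary}))  # complete
```

On real files, pass the bytes of the user certificate and of each trusted certificate file; a False result with a short path shows how far up the chain the trusted set reaches.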
