Java SSL setup in NW PI 7.1 EHP1

I am trying to set up SSL in a Netweaver PI 7.1 system on EHP1.  According to the SAP Help documentation, the default keystore view for SSL should be ICM_SSL_<instance_ID>.  It is my understanding that this view is created automatically.  I don't remember ever having to manually create it before.  But in my current system this keystore view does not exist.  Can anyone confirm whether or not this view should have been created automatically during installation as the help documentation suggests?

Hi Kevin,
I found your thread while searching for something else but I am also trying to set up the SSL connection for JAVA.
I would appreciate it if you could help.
Where we are; we intalled sap cryptographic library and on the ABAP side the SSL is working. Now we want to call a Web Service which uses https with a SOAP adapter. But we couldn't configure the SOAP adapter and the SSL cert.
Can you give some intput in what we should do on JAVA to get this working?
Thank you very much.

Similar Messages

  • SSL setup - Weblogic 10.3 and OIM 9.1.0.1

    I am using self generated certs. I have followed all the steps in configuring SSL for OIM given in section 8.6.2 SSL Certificate Setup given in Installation and Configuration Guide for Oracle WebLogic Server Release 9.1.0.1 E14047-02.
    But when I try to perform the following step:
    To configure the trust store:
    1. Copy the supportcert.pem file to the following location on the Design Console:
    OIM_DC_HOME\java\lib\security.
    2. Open a command prompt at OIM_DC_HOME\java\lib\security and run the
    following command:
    cd OIM_DC_HOME\java\lib\security
    keytool -import
    -alias support
    -trustcacerts
    -file supportcert.pem
    -keystore cacerts
    -storepass changeit
    I don't see any folder in oim client as given above of \java\lib\security. So I created the same and followed the instructions but still the keytool.exe s not present in it. So is something missing in the document that we are not aware of? Do we have to copy the keytool.exe from BEA_HOME? I tried that too but it propped up an error saying some DLL/JAR not found.
    I found this viewlet which shows something different related to SSL setup in weblogic
    \S21880\Setup_SSL_Certificates_WLS70_61_viewlet_swf.htm
    Are the steps given in the guide enough for the SSL configuration between weblogic and oim ? or do we need to follow some other steps too ?
    Any ideas/clues/suggestions? Very appreciative.
    Many Thanks in advance.
    - oidm.

    I had a look into the xlclient.cmd file and went to the JAVA directory which is being used. And did a search for the "cacerts" and found out that there is a file named cacerts in the JAVA_HOME/jre/lib/security folder over there.
    But how does that relate to the problem of running the keytool command successfully at the right place (OIM_DC_HOME) ?
    Any hints Kevin....
    Thanks,
    - oidm.

  • Upgrading WLS 8.1 SP2 to SP5: does SSL setup need to be re-done?

    All,
    Our production application has been built using Workshop 8.1 SP2, and is deployed on a WLS 8.1 SP2. We are now wanting to upgrade to SP5, and so I used the "Smart Update" utility to upgrade my local instance to SP5. Our application is accessed over SSL, so I was wondering if the whole SSL-setup that was done when we setup our production SP2 environment a year ago needs to be re-done? Our application has a web module, two java projects, uses SSL-based web-services and has a custom Oracle JAAS login module. I already found out that there is a particular setting on the domain that has changed between SP2 and SP5 that allows anonymous lookup of MBeans(Anonymous Admin Lookup Enabled). Are there any other such settings/considerations i need to be aware of in moving from SP2 to SP5?
    All help is appreciated..it will help me decide on moving to SP5.
    Thanks in advance!
    Vik.

    Hi Vik
    When you use smartupdate to upgrade from sp2 to sp5, it will upgrade only the weblogic workshop instance and not the domains.
    Either you will have to upgrade the existing sp2 domain to sp5 or create a new sp5 domain and configure it just like sp2.
    After the upgrade open the config.xml under the new domain and check the SSL config under the server just to make sure.As far as the SSL config is concerned it did not change from sp2 to sp5.
    More information on this is available at
    http://e-docs.bea.com/platform/docs81/upgrade/faq.html
    Thanks
    Vimala

  • SSL Setup in a load balanced portal

    Hi,
    We are implementing a portal landscape and also we are using a hardware based (Cisco ACE) load balancer for load balancing purposes.
    So the configuration would be:
    Portal requests --> Load Balancer --> Portal --> Backend
    We are trying to implement SSL until the portal server and I have a question regarding the SSL certificate installation process.
    The URL on the load balancer would be for example https://portaltest.mycompany.com which would load balance the requests between the application servers of the portal (https://sapeptest1.mycompany.com:50001/irj/portal and https://sapeptest2.mycompany.com:50001/irj/portal).
    So, first thing we will have to do would be to install an SSL certificate (signed by a Trusted CA) on the load balancer with a CN=portaltest.mycompany.com.
    I understand that for https to function properly, the host name in the URL we are using to get to the server should match the CN of the SSL certificate installed on the server.
    Now, can we install the same certificate (that we put on the LB) on the portal as well?
    (This might not work because the server type will be different)
    (or)
    Do we need to buy 2 certificates with the same CN and install one each on the LB and portal ?
    Can some one please suggest on how to proceed with the SSL setup and certificate installation process ?
    Thank You ,
    Raj

    Raj Kumar wrote:
    My question is about how to go about installing the certificates on the LB and on the portal.
    If you aren't using web dispatcher, then the details of the installation on the LB will depend on your LB (Cisco? Radware? etc?). I suggest contacting your LB vendor for that.
    Sen's link is for SSO, you want the [SSL procedure|http://help.sap.com/saphelp_nw70/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm].
    You probably don't need a signed cert on the portal server itself (depending on whether your LB validates the cert). You could just use the default self-signed cert, since users won't be connecting to it directly and so won't be troubled by warnings about untrusted certs: the traffic from the AS would still be encrypted, you would only lose out on the server authentication feature (which you don't need, since again users won't see it).
    On the other hand, do you really need SSL on portal server? That adds overhead at both the LB and portal. It's usually sufficient to use HTTP from the LB to the back-end, as long as the servers only allow connections from the LB. I realize you aren't using web dispatcher, but this looks like scenario #3 in [this diagram|http://help.sap.com/saphelp_nw70/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm]
    Regards,
    Sean

  • Impact of running autoconfig on SSL setup

    Hi,
    I have SSL setup in production and need to apply the latest autoconfig patch there. Can you please advice if running autoconfig will impact the current SSL setup in any way?
    My EBS version is 11.5.10.2 with 10.2.0.4 database. I have a multinode configuration with Web and forms server on one node and Database, reports, concurrent and admin server on the other.

    user503988 wrote:
    Hi,
    I have SSL setup in production and need to apply the latest autoconfig patch there. Can you please advice if running autoconfig will impact the current SSL setup in any way?
    My EBS version is 11.5.10.2 with 10.2.0.4 database. I have a multinode configuration with Web and forms server on one node and Database, reports, concurrent and admin server on the other.AutoConfig should not impact your SSL setup, as long as you followed these MOS docs to implement SSL and have all the context variables set properly.
    11i: A Guide to Understanding and Implementing SSL for Oracle Applications [ID 123718.1]
    11i: Troubleshooting SSL with Oracle Applications [ID 300969.1]
    Thanks,
    Hussein

  • Update java SSL certificate

    Hi All,
    Can some one please tell me te procedure to Procure a new or renew a ABAP and JAVA SSL certificate?
    Thanks in advance...........
    Regards,
    Thirun.

    Hi,
    Refer the below link ...
    http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/content.htm
    Thanks
    Anil

  • SSL setup in PI 7.1

    Hi,
    I used NWA to create secure store, CSR and imported the CSR response. Its working fine on the CI. I added a dialog instance and want to include that server (instance) into SSL. I exported my certificate from the CI and imported into DI (NWA-Key storage). However I could not access PI tools with just the java stack of DI running. So I am not sure if there is a missing step. Also in STRUST under Client PSE where I have both instances listed, the DI is showing RED. The CI is green. I have the root certificates imported into it to access other systems (ECC etc) using https.
    I did not use STRUST at all to create server PSEs as with 7.1 we would have to use either NWA or STRUST and maintain the using the same tool.
    Your help/suggestions would be much appreciated.
    Thanks.

    Hi,
    Find below link for more help on SSL configuration
    SSL Configuration
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/23894238-0701-0010-40b0-a0a6d5c4ad9f?prtmode=navigate
    SSL Message level security
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
    Certificate Authority
    http://www.tc.umn.edu/~brams006/selfsign.html
    Digital signature & document entryption
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/frameset.htm

  • Java SSL Error

    Hi ,
    Iam trying to access a https site from my code.When i execute my java code it throws the following error.
    " javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found "
    Does anybody have a sample code which would accept the certiifcate from the site iam trying to connect and continue work on with my code logic rather than throwing this error or is there any other way out.
    Thanks in advance for ur help
    Meera

    Hi,
    First you have to find out who signed the SSL certificate of the server you are trying to connect to. It is typically Versign or some other huge trusted entity. Then you have to download the trusted entity's root certificate or some other certificate that is in the higher up in the certificate chain.
    When you have this certificate you then have to import it into the <JAVA_HOME>/jre/lib/security/cacerts keystore using the <JAVA_HOME>/bin/keytool program:
    keytool -import -file <THe certificate> -keytstore cacertsYou will then be promted to type the password which is 'changeit'
    Hope this helps
    /Sakka

  • How to load mssql in java api setup

    i m workiong on core java application.
    i have mssql databaseconnectivity.
    i want to ask if i want to run this api on the pc which dont have sql install then how to make database to be run on that pc with setup.
    isearched abt it i found sql script, sql agent and msde installer but that not working
    help me

    http://search.java.sun.com/search/java/index.jsp?qp=&nh=10&qt=%2Btitle%3Aapplication+%2Btitle%3Asound&col=javaforums
    BTW: You can doo this yourself

  • WLS 6.0 - SSL Setup error

    We have configured a managed server to be SSL enableb but the admin
    server is not SSL enable. We get the following error when starting
    the managed server that is SSL enabled.
    <Mar 23, 2001 6:10:06 PM PST> <Alert> <WebLogicServer> <Inconsistent
    security co
    nfiguration, java.lang.Exception: Unable to open url: http://192.168.10.6:7001/w
    l_management java.io.FileNotFoundException: Response: '500' for
    url: 'http://192
    .168.10.6:7001/wl_management'>
    java.lang.Exception: Unable to open url: http://192.168.10.6:7001/wl_management
    java.io.FileNotFoundException: Response: '500' for url: 'http://192.168.10.6:700
    1/wl_management'
    at weblogic.t3.srvr.SSLListenThread.resolvePropertyFromAdminServer(SSLLi
    stenThread.java:198)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    Thanks
    Viren

    Have you verified that your managed server has a valid
    ServerCertificateFileName as well as a ServerCertificateChainFileName? The
    first certificate in the ServerCertificateChainFileName must be the signer
    of the cert in the ServerCertificateFileName file. The last certificate (may
    also be the first) in the ServerCertificateChainFileName must be
    self-signed. From the stack trace it looks as though the code may be trying
    to get a property or file from the admin server. Does the admin server's
    log have any errors in it that contain info about a certificate?
    Paul
    I think that the
    "Viren" <[email protected]> wrote in message
    news:3abf8a9f$[email protected]..
    >
    We have configured a managed server to be SSL enableb but the admin
    server is not SSL enable. We get the following error when starting
    the managed server that is SSL enabled.
    <Mar 23, 2001 6:10:06 PM PST> <Alert> <WebLogicServer> <Inconsistent
    security co
    nfiguration, java.lang.Exception: Unable to open url:http://192.168.10.6:7001/w
    l_management java.io.FileNotFoundException: Response: '500' for
    url: 'http://192
    168.10.6:7001/wl_management'>
    java.lang.Exception: Unable to open url:http://192.168.10.6:7001/wl_management
    >
    java.io.FileNotFoundException: Response: '500' for url:'http://192.168.10.6:700
    1/wl_management'
    atweblogic.t3.srvr.SSLListenThread.resolvePropertyFromAdminServer(SSLLi
    stenThread.java:198)
    atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
    atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    Thanks
    Viren

  • SSL setup with a load balancer

    We are running EP 7.0 SP14 and have set it up to run through a Cisco ACE loadbalancer.  We have also setup SSL with the certificate on the ACE load balancer.  Everythign work fine, except we keep getting a Security Alert popup message in IE that states "You are about to be redirected to a connection that is not secure."
    Are there some additional configurations that I need to do in EP to make this go away?
    Maximum points to the first correct answer.

    You can change logoff URL to any value:
    http://help.sap.com/saphelp_nw04s/helpdata/en/44/aada5230be5e77e10000000a155369/frameset.htm
    Regarding VC apps.
    It is strange you cannot see HTTP in the IEWatch. IE should not be able to alert about something it does not see. I suggest you to use something more substantial to trace network calls: http://www.wireshark.org
    This is the best tool I know for network tracing.
    Regards,
    Slava

  • Implementing Java SSL in 10g database: Cannot find trusted cert

    I am currently running a 10g database, with java procedures stored in it. One of these creates a SSL connection so that it can extract data. After numerous problems and snags along the way, I can't figure this one out. When the java tries to create a connection, I get a SSLHandshake exception, and it says that a trusted certificate cannot be found. I am familiar with the keytool, but when I run it and import the proper certificate, it creates a .keystore file in my home directory of the user I am logged into, on the server that I am logged into. Does anyone know where the JVM of the database looks for the .keystore file? I'm pretty sure the problem is it is just looking in the wrong place. Any input is appreciated.
    Thanks
    Wes H.

    Hi,
    I am also facing the exact same issue, any help will be appreciated.
    Thanks!

  • Getting standard Java SSL implementation to work with Weblogic

    JDK 1.3.1
    Weblogic 7.03
    I need to allow for code within my WLS application to act as a SSL client to a remote Web service.
    For standalone (non-WLS) code, I am using the standard Sun provided SSL implementation libraries (using jsse.jar, jcert.jar, and jnet.jar place in JRE_HOME/lib/ext), along with the appropriate changes to the JRE_HOME/lib/security/java.security file (security.provider.3=com.sun.net.ssl.internal.ssl.Provider) and the -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol setting on the Java command line. That works fine.
    However, if I attempt to provide the -D option on my Weblogic server Java command line, it gives me an out of memory error. My thinking was that the settings for the JRE would work but they don't seem to.
    My question is how does one set up Weblogic server apps. to successfully act as SSL clients in a static way via configuration files? Can this only be done dynamically?
    Thanks,
    Wes

    JDK 1.3.1
    Weblogic 7.03
    I need to allow for code within my WLS application to act as a SSL client to a remote Web service.
    For standalone (non-WLS) code, I am using the standard Sun provided SSL implementation libraries (using jsse.jar, jcert.jar, and jnet.jar place in JRE_HOME/lib/ext), along with the appropriate changes to the JRE_HOME/lib/security/java.security file (security.provider.3=com.sun.net.ssl.internal.ssl.Provider) and the -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol setting on the Java command line. That works fine.
    However, if I attempt to provide the -D option on my Weblogic server Java command line, it gives me an out of memory error. My thinking was that the settings for the JRE would work but they don't seem to.
    My question is how does one set up Weblogic server apps. to successfully act as SSL clients in a static way via configuration files? Can this only be done dynamically?
    Thanks,
    Wes

  • WebAccess and SSL setup

    Hi all: I just moved our webaccess server from our old bordermanager server (gateway in a secondary domain) to our groupwise server 8.0.2 (primary domain) behind the firewall. I did this as we will be decommissioning our BM server sometime in the future. Webaccess now runs on an OES2 sp3 server.
    I have WebAccess setup the running, but for some reason I cannot get SSL working with the correct certificate. Currently webaccess is using the server certificate from our internal CA, while I want it to use a signed certificate from godaddy. I have setup the webaccess gateway with the godaddy signed certificate (pfx) via consoleone. This is how I had set it up when it was running on our BM server. However, webaccess is not using the godaddy certificate.
    I am no SSL expert and just do it enough to get by, like once every 2 years.
    Thanks for the assistance, Chris.

    Like this:
    http://www.novell.com/documentation/...a/a7q514o.html
    Yes. Did not find a discussion on SSL certs. I have found lots of discussions on SSL redirection and the like, but not on SSL certificates.
    >>> Michael Bell<[email protected]> 3/23/2012 10:42 AM >>>
    On 3/23/2012 5:47 AM, Chris wrote:
    > Hi all: I just moved our webaccess server from our old bordermanager
    > server (gateway in a secondary domain) to our groupwise server 8.0.2
    > (primary domain) behind the firewall. I did this as we will be
    > decommissioning our BM server sometime in the future. Webaccess now runs
    > on an OES2 sp3 server.
    > I have WebAccess setup the running, but for some reason I cannot get SSL
    > working with the correct certificate. Currently webaccess is using the
    > server certificate from our internal CA, while I want it to use a signed
    > certificate from godaddy. I have setup the webaccess gateway with the
    > godaddy signed certificate (pfx) via consoleone. This is how I had set
    > it up when it was running on our BM server. However, webaccess is not
    > using the godaddy certificate.
    > I am no SSL expert and just do it enough to get by, like once every 2
    > years.
    > Thanks for the assistance, Chris.
    Did you read the (quite good) documentation on how to use SSL certs with GW?

  • Java ssl and root certificate

    We use JAVA as a client for secure SSL connection. For this is a SSL root certificate necessary, if not, the SSL handshake fails due the trust relationship.
    SUN introduced the feature in version 1.5, that JAVA can use OS keystore and grab ROOT certificate from there.
    Unfortunately, this is not working anymore with JAVA 1.6 and if the ROOT is not present in JAVA keystore, the SSL handsake fails. Once the ROOT is imported in JAVA keystore, the SSL works fine. SUN JAVA 1.5 works fine with same environment and ROOT does not need to be in JAVA keystore.
    The failed SSL handsake is visible in Ethereal Sniffing log and is always reproducible.
    Please, are there known issues, that SUN JAVA 1.6.x can not use OS keystore, but only JAVA keystore ? Are there any reported bugs ?

    Right.  Hopefully you've gotten acquainted with this:
    http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
    Is the CA on the DC also issuing certs, or is it just the Enterprise Root and there are subordinates issuing certs?  I ask because if it's just the Enterprise Root but not actually issuing certs, that simplifies things greatly.  If it's issuing
    certs, one thing to research is what certs are currently issued, how often they are renewed, and what they are used for.  This will give you an idea how much risk you're looking at during cutover. 
    To address the specific question of what happens to a desktop that has been offline during the cutover, as I understand it the desktop will pull the new PKI information (new AIA path, new CDP if that gets changed) from AD when it comes back online. 
    This data is stored in "CN=Public Key Services,CN=Services,CN=Configuration,DC=Domain,DC=COM" in AD.  In a nutshell, it should be seamless to that particular client.

Maybe you are looking for

  • Printing different URL with javascript

    I am trying to print a URL using javascript but i do not want to print the current page. I have searched google, this forum and a javascript book and can not seem to figure it out. To exlplain in it generic terms i want to be on one page and tell it

  • InDesign Borders

    I'm facing a major frustration, and I'm wondering if there's already a solution, or if this needs to be a new feature to be implemented in future InDesign versions. Adobe Illustrator has a wonderful palette for brushes which can be used as borders fo

  • Add Google Hangouts to Firefox Share

    I like the new Firefox Share feature. But the service I'd use it most with - Google Hangouts - doesn't seem to be an option. Is there a way to add this I haven't found yet? If not, please consider this a feature request. And, is there an official pla

  • Virtual providers

    Hi gurus What is virtual info object and key figure. How it works in a report ?

  • How to uninstall magic jack?

    how do i completely uninstall magic jack software from my macbook pro 5,3, OS 10.6.8? I tried using the instructions from the website and it did not work.