Livecycle on Websphere 6.1--configuring SSL problem

I have installed and set up adobe livecycle es 8.2 on websphere on an AIX platform. I'm on page 27 of the Administering Livecycle ES guide but have hit a brick wall in regards to the SSL implementation part.
I have an existing websphere DMGR console that i have security enabled on. The first parts of the document are not at all what I have already set up and have working and would undo some of my current settings. I browse through to step 25 and its now saying I should be logging into my admin console with the username and password I set up in step 2
NO.. I already have security enabled and have a login and password set up that I use.
It appears that the documentation for this part of the guide is not correct for websphere 6.1 and wants me to overwrite my current security settings

Configuring SSL is a purely WebSphere Application Server (AS) administrative task.
Although LiveCycle's documentation provides you with instructions on how to configure WebSphere AS for SSL, it is better if it is done based on your IT shop's WebSphere security policies. This is because in many cases, Adobe's instructions might run counter to your IT organization's procedures.
Also, verify that SSL works by using a non-LiveCycle application so that LiveCycle is kept out off the picture while SSL is being configured.
If configured properly, http://server:port/adminui should work as well as https://server:port/adminui.

Similar Messages

Configure SSL in J2SE Plain adapter

I tryed to configure SSL in J2SE Plain adapter. (7.0)
I've generated a certificate file "certif_file.cer" and
while I put in GUIBrowserEngine Property File the following
line:
HTTP.SSLcertificate=F:\tech_adapter_70\certif_file.cer
I've got the following error message:
16:19:10 : Error(s) in GUIBrowserEngine configuration
parameters found:
ERROR: Certificate file 'F: ech_adapter_70certif_file.cer' not
found, must quit!
It seems that something wrong with my definition of full path
to this file. But I do not find from SAP Library any solution
about this problem.
Could you help me?

Hi Boris,
Please try to give the full path using backslash '/' :
e.g. F:/tech_adapter_70/certif_file.cer
I hope it will work.
 The J2SE Adapter Engine uses SSL only for communication line encryption, not for client and server authentications. Since this is a drawback with respect to security, you should use the J2EE Adapter Engine in insecure environments.
 All configuration data for the Plain J2SE Adapter Engine is maintained in flat property files.The file for the engine administration data itself is located in the following directory:
<installation directory>/tech_adapter/BaseConfiguration
The file for the adapter configuration data is located in the following directory:
<installation directory>/tech_adapter/Configuration
 The adapters of the Plain J2SE Adapter Engine are configured locally and not in the Integration Directory. Exchanged messages are also stored directly in the file system.
Therefore, ensure that only the operating system user, who has started and therefore owns the adapter engine process, can read the property files and has access to the directories used for message exchange.
*Pls: Reward points if helpful*
Regards,
Jyoti
Edited by: Jyoti Acharya on Dec 19, 2007 5:05 PM

SOAP RECEIVER SSL Problems

Dear Community,
I have configured a SOAP Receiver to an external web service (https://server:7002/service). I have use IE to get the certificate of the server and have imported it into the keystore of the j2ee (using VA). I have imported it to the all current views available. We have SAP PI 7.0 SP18. The problem is that the SSL handshaking is not performed correctly. I have placed a tcp gateway monitor tool to see the messages pass through. As soon as the first message is send to the above URL and a response is received, I get a XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 500 Internal Server Error. Also, in the default trace log I get a no private key found.... Do I need extra steps to configure SSL in the SOAP Receiver? The service does not required a Client authentication certificate and has a certificate with o CA root certificate (since this is only a test system and has issued its own certificate). Any ideas? Any help will be appreciated.
Regards,
S.Socratous

Hello,
Generally it's a connectivity behaviour. Check if you have setup the connection to
the receiver and also check the explanation regarding 500 Internal Server Errors:
*Description: The server encountered an unexpected condition which prevented it from fulfilling the request.
Possible Tips: Have a look into SAP Notes u2013 804124, 807000*
It may be also a problem with the SSL certificate. So, check if it's not expired;
The correct server certificate may be not present in the TrustedCA keystore view of NWA .
Please ensure you have done all the steps described in these url (this is for 7.11):
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi711/helpdata/en/48/d1c7e690d75430e100000
00a42189b/frameset.htm
You may have not imported the certificate chain in the correct order (Own -> Intermediate -> Root);
Last, if the end point of the SOAP Call(Server) is configured to accept
a client certificate(mandatory), then make sure that it is configured
correctly in the SOAP channel and it is also within validity period.
(This certificate is the one which is sent to Server for Client
authentication)
Hope that helps.
With regards,
Caio Cagnani

NPE when configuring SSL in 9.2

Hi all,
I'm trying to configure SSL on WLS 9.2 mp4 but am getting a NullPointerException with no additional helpful information.
I'm using "Custom Identity and Java Standard Trust." I think the location, type, and password of my identity keystore are correct.
This is the output I'm getting:
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: initializing SSL context for channel DefaultSecure>
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecuritySSL> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <SSLContextManager: loading server SSL identity>
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : starting decrypt operation>
####<Jun 7, 2011 11:02:05 AM CDT> <Debug> <SecurityEncryptionService> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1307462525894> <000000> <1307462525894 : [ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)' : done with decrypt operation>
####<Jun 7, 2011 11:02:05 AM CDT> <Notice> <Security> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicssl from the JKS keystore file c:\projects\ssl\keystore.>
####<Jun 7, 2011 11:02:05 AM CDT> <Error> <WebLogicServer> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-000297> <Inconsistent security configuration, java.lang.NullPointerException>
####<Jun 7, 2011 11:02:05 AM CDT> <Error> <Server> <PCSHPQL0089851> <admin> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1307462525894> <BEA-002618> <An invalid attempt was made to configure a channel for unconfigured protocol "null".>
I've turned on all the debug output I can find.
I also wrote a little java program that reads the keystore and prints out its contents. Nothing looks wrong to me. I also tried using a known-good keystore from one of our other servers, both in my test app and in WL. Test app shows the same output for both stores with the exception of the things I expect to be different, like DN. WL also fails with the same error.
Any idea what the problem is or how to debug this further?
thanks

Thanks for the response.
That is the correct name. I should probably change it to keystore.jks but I was following the example of the common trust store named cacerts.
SSL is enabled with port 7002.
JVM versions are the same.
Keytool works fine with it. It shows 1 cert, which is what I expect. The alias is correct. I know the keystore password but I don't know the private key password. I might try generating a new pw and make sure to set and remember a pw on the key itself.
thanks

Unable to configure SSL certificate on Apex

I am trying to configure ssl certificate in one apex application.
http://docs.tpu.ru/docs/oracle/en/oas/10.1.2.0.0/web.1012/b14007/ssl.htm#i1031859
as per the above document first step is create a wallet with SSL certificate information.
While creating wallet i am trying to import the CA certificate and User Certificate.
But i am not able to import the certificates properly. I am getting error messages.
Error Message :
User certificate installation failed
Possible Errors;
-- Input was not a valid certificate.
-- No matching certificate was found
-- CA certificate is needed for certificate chain not found please install it first.
What could be the reason for this. and solution for this problem ?

Yes I am using OWM ( Oracle Wallet Manager)
First I have created a new wallet and then i did create service request.
Then Import user certificate and import CA certitificates are enabled.
Then tried to import the certificates above mentioned errors are coming.....
Yes first i imported the CA certificate then i imported the user certificate using the wallet manager. I used the copy - paste certificate method while importing.
Any how if do import user certificate first it will show an error saying install ca certificate first.
Message was edited by:
Santhosh Kumar T

SSL-Problems when setting up a test environment with Exchange

Hello everyone,
I am trying to set up a test environment with Exchange 2013 to learn how the stuff works. However, I am facing some problems due to the fact that Exchange is designed for use with SSL certificates. The main thing that makes problems is the connection with
RPC over HTTP. I've used the MS remote connectivity analyzer to find out why it is not working and as I thought it is because of a missing SSL certificate (it seems the self signed doesn't work here). Now in order to get this working I just bought a certificate
for "mydomain.com". Now here is the first problem: This certificate is NOT a wildcard certificate. So if I understood correctly it works for mydomain.com but it won't work for subdomain.mydomain.com. Is this correct? (First question)
If this is correct I will probably another problem: As I said this is a learning-environment so the server is at home behind a router. This means: Only one WAN-IP. I think could get this working by forwarding everything to the Exchange Server (like mydomain.com
goes to the WAN-IP where the router is forwarding everything like port 25 or 443 directly to the exchange Server). This way I wouldn't have any problems I think: mydomain.com has a valid SSL cert, it resolves to my WAN-IP which forwards everything to the internal
Exchange Server. Now here is the problem: I plan to setup a SharePoint Server as well. I thought about using ARR (IIS) to make both available behind the same WAN-IP without using ports inside the url. Ideally the Exchange Server should then be available via
"mail.mydomain.com". This will work fine with ARR but then I probably have SSL problems again? (second question)
Do you have any ideas what I can do to solve such problems? Should I buy another certificate for mail.mydomain.com? But then I would need to buy several certificates (e.g. for autodiscover.mydomain.com to get this working as well). This can become very expensive...
Thanks!
Regards
Christian

Hi,
For your first question, if there is a single certificate just for “mydomain.com”, it cannot work for subdomain.mydomain.com.
Generally, antodiscover.domain.com is used to access the autodiscover service for external users. If you just need test users to access Exchange server from internal environment, it is not necessary to get a certificate for autodiscover.domain.com.
Therefore, for your second question what I can ensure is that if all URLs that used to connect Exchange from internal and external are configured to mail.mydomain.com with all services(IIS,SMTP,POP,IMAP), there will be no certificate problems in Exchange
side.
Best Regards,
Winnie Liang
TechNet Community Support

Configuring SSL to make a HTTPS web Service call from XI

Hi All,
We are making a https web service call using soap adapter from XI. Looking at the various posts and SAP help links, we are configuring SSL for the same.
The procedure given in SAP help has been followed to configure SSL but with no luck. If someone had done this could you please give a step by step procedure to configure SSL, we might have missed out on something.
Also are there are any other settings apart from SSL to be done to make a https web service call using soap adapter from XI.
Cheers,
Chandra

user13046122 wrote:
I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
I now need to make SOAP Web Service calls - from an 8.1.7.4 database
But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess.

Error while configuring SSL in OID 11g - LDAP 50 Insufficient Access rights

HI,
I am trying to configure SSL in OID 11g.As per the doc http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/ssl.htm#CBHGBGAF ,i tried creating a Self-Signed Wallte using Fusion Middleware control,But i am getting an error LDAP 50: Insufficient access rights".I logged into Fusion Middle Ware control as Weblogic user.Is anybody faced this issue?.Thanks in advance.

I am not sure how you tried, but I would recommend to do the following...
1. Add the 'user1' to "OU=Franchisees,ou=People,dc=company,dc=com"
2. Delete the 'user1' from 'OU=Internal,ou=People,dc=company,dc=com'

Do i have to configure ssl on cisco unified provisioning manager for it to work. I am running BE6000 9.X

Do i have to configure ssl on cisco unified provisioning manager for it to work

Here is the code
#include <userint.h>
#include "iface.h"
#define DAQmxErrChk(functionCall) if( DAQmxFailed(error=(functionCall)) ) goto Error; else
int write_onoff(uInt8 HL, const char linename[])
int error=0; // error code (initialized to zero i.e. no error)
TaskHandle taskHandle=0; // task ID for DAQmx
char errBuff[2048]={'\0'}; // error message
// DAQmx Configure Code
SetWaitCursor(1);
DAQmxErrChk(DAQmxCreateTask("", &taskHandle));
DAQmxErrChk(DAQmxCreateDOChan(taskHandle, linename, "", DAQmx_Val_ChanPerLine ));
// DAQmx Start Code
DAQmxErrChk(DAQmxStartTask(taskHandle));
// DAQmx Write Code
DAQmxErrChk(DAQmxWriteDigitalU8(taskHandle, 1, 1, 10.0, DAQmx_Val_GroupByChannel, &HL, NULL, NULL));
Error:
 SetWaitCursor(0);
 if (DAQmxFailed(error)) DAQmxGetExtendedErrorInfo(errBuff, 2048);
 if (taskHandle!=0)
 // DAQmx Stop Code
 DAQmxStopTask(taskHandle);
 DAQmxClearTask(taskHandle);
 if (DAQmxFailed(error)) MessagePopup("DAQmx Error", errBuff);
return error;
} // end write_digital_line
int CVICALLBACK test (int panel, int control, int event, void *callbackData, int eventData1, int eventData2)
uInt8 onoff=0;
if (event==EVENT_COMMIT)
 GetCtrlVal(panel, control, &onoff);
 write_onoff(onoff, "Dev1/port0/line0");
return 0; // return 0 to tell the system the message has been handled

Configuring SSL in Oracle Apps 11.5.10.2

Hi,
I am in the process of configuring SSL in oracle apps 11.5.10.2.
I am a bit confused with the Note ID: 123718.1. Could you please clarify me on the below things?
1. SSL can be implemented at three levels,
(a) Oracle Web/Apache Server Level
(b) Oracle Form Server Level
(c) Oracle Database Level
Can Implement SSL on any one or any two component levels? As per Note:123718.1, we MUST configure SSL for both the Oracle HTTP Server and Oracle Forms Level and these cannot be configured independently.
2. As per the Note ID: 123718.1, Option 2.1. Certificate Provisioning for Oracle HTTP Server
Point b in point 2 says to execute "$OPENSSL_TOP/bin/openssl sha1 or* > $HOME/.rnd"
But which will be the OPENSSL_TOP?
Please advise on these above two queries.
Thanks in advance
Regards,
Sravan

Thanks Hussien,
I have completed SSL configuration at all level including database. Forms are not getting launched. I am getting below error in the Java Console.
Java Plug-in 1.6.0_23
Using JRE version 1.6.0_23-b05 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\sdalav
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
proxyHost=null
proxyPort=0
connectMode=HTTPS
Exception in thread "thread applet-oracle.forms.engine.Main-2" java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketFactory
 at oracle.forms.net.HTTPSStream.<init>(Unknown Source)
 at oracle.forms.net.HTTPConnection.connect(Unknown Source)
 at oracle.forms.engine.Runform.initConnection(Unknown Source)
 at oracle.forms.engine.Runform.startRunform(Unknown Source)
 at oracle.forms.engine.Main.createRunform(Unknown Source)
 at oracle.forms.engine.Main.start(Unknown Source)
 at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassNotFoundException: oracle.security.ssl.OracleSSLSocketFactory
 at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 ... 8 more
Caused by: java.io.IOException: open HTTP connection failed:https://sandispa.bp.com:8443/OA_JAVA/oracle/security/ssl/OracleSSLSocketFactory.class
 at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
 at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
 at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 ... 13 more
Thanks,
Sravan

Need info to configure SSL for Portal Server in EP6SP2

Hello,
We need to configure SSL for Portal Server. We are using J2EE 6.20 Patch 25 and EP6SP2P4. The ITS is already using https and it creats lots of Session issues since Portal is not in https.
Is there any OSS Note or How to guide to configure Portal to use SSL.
Thanks.
- PK

Hi Marcel,
Thanx for your Post, I have a Question, we will use CISCO for load balancing and SSL termination but I have a big issue, the URL in the portal applciation is always the same ant the URL in the borwser, I guess al the other URL´s are in the Frames, how will we configure the SSL termination for the login page in example if the URL in the Browser appears always the same?
Thanx in Advanced!!!

Configure SSL Throughout Portal in 10.1.2.0.2

My installation is going to contain both the Infrastructure (IM, SSO) as well as the Middle-tier (Portal) and I want to later configure SSL. Oracle says in the documentation that the servername must be different for each home. I'm thinking that I will use the hosts file to alias the IP address but I'm not sure if the installer looks at the file or somewhere in the system to get the machine name. I don't want to change the machine name after the infrastructure installation has completed but I can change the hosts file and the order of the alias names. Has anyone successfully done this before that can point me in the right direction?
Thanks,
Denise

I've looked at the tool but my concern is having the infrastructure & midtier on the same box. I want to make sure that the initial installation is correct since each installation requires a different server name for ssl to work.
Has anyone done this and gotten it to work? Suggestions, or things to look out for?
Thanks,
Denise

How to configure SSL for SOA BPM/Webcenter 11.1.1.3

Hi,
I have installed BPM 11.1.1.3 and Webcenter 11.1.1.3 in the same HOME. First installed BPM and then extended the domain for webcenter. During the installation I selected the SSL check-box also. Now how do I disable the HTTP and enable only HTTPS. I need to configure SSL can someone please provide some steps or a link to some document around SSL configuration of BPM/Webcenter 11.1.1.3.
Thanks

Hi,
Anyone I too am looking for the same info.
Thanks

HT201412 I have a problem connecting to the server (SSL problem) on my new Apple ipad. I was supplied with a new ID password, but I am unable to get into my settings and email. Could someone please offer a suggestion? Thanks! A.A.

I have a problem connecting to the server (SSL problem) on my new Apple Ipad (iOS6). When submitting my Apple ID password, I am prevented from signing in to a secure connection due to an SSL problem. Any suggestions ?? Thank you!

Sounds more like you have a problem with your apple id. For starters go to that page click manage my apple id and singn in. If you can't sign in reset password.
https://appleid.apple.com
if you can sign in there, try to sign in to itunes on your computer.

SSL problems

Hi,
what about this error:
Error: Timeout occurred whilst retrieving page meta data.
I'm trying to connect with Oracle Portal 3.0.9 installed into my Win2000 Server SP1.
I've follow all steps that Paul Encarnacion describes in
http://technet.oracle.com:89/ubb/Forum83/HTML/000007-2.html
to configure 9i AS to enable HTTPS.
Please, help me.

Hi,
I know this is probably not the best place to ask my question
but I have exhausted all the possible means to get help. For
those of you who have successfully configured SSL to work with
Portal, please also check if you can do the following:
1) Login as portal30, go to portal using "https://...". Now try
to Add New User from inside and outside of your firewall.
2) Login as portal30, go to portal using "https://...".Go
to "Home -> Navigator -> Applications" and try clicking on any
links on that page from inside and outside of the firewall.
For some wierd reasons, it everything works perfectly for some
computer on all of the scenario. But for some, those
administrative functions (1) and (2) above always returns "Page
Not Found Error". All pointers are greatly appreciated.
Thanks very much in advance,
Victoria.

Livecycle on Websphere 6.1--configuring SSL problem

Similar Messages

Maybe you are looking for