Mutual SSL Authentication

Hi,
We are trying to implement Mutual SSL Authentication in our environment with Reverse Proxy and the Client's Browser.
Can anybody help me out with this?
We are using OAM

Make sure the following for reverse proxy:
1. make sure the webserver that uses reverse proxy accepts requests from reverse proxies.
2. update the virtual hosts configured in the policy manager
3. prevent people from using the direct URL; you can use web server ACLs
4. redirect all existing URLs to reverse proxy hostname with port
5. deploy enough proxy servers to handle the load
Thanks.
Subhani Shaik

Similar Messages

  • SSL authentication

    Hello
    I am configuring SSL authentication (Oracle Support document 736510.1).
    But when doing tnsping from the client side I get a TNS-12560:
    [oracle@testrac3 admin]$ tnsping TEST
    TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production on 17-JUN-2013 10:04:14
    Copyright (c) 1997, 2011, Oracle.  All rights reserved.
    Used parameter files:
    /opt/app/oracle/product/11.2.0.3/db/network/admin/sqlnet.ora
    Used TNSNAMES adapter to resolve the alias
    Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = testrac1.XX.XX)(PORT =2484)) (SECURITY= (SSL_SERVER_CERT_DN=CN=dbasecurityRoot,O=dbasecurity,C=US)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME= TEST.XXX.XXX)))
    TNS-12560: TNS:protocol adapter error
    Can someone give me some help?
    Best regards

    Hi, djoloff,
    I already answered in this thread, maybe it will help.
    https://forums.oracle.com/thread/2527585

  • Connecting Using SSL Authentication Without Username and Password

    Hi,
    We're on RedHat Linux 4.0 using 10.2.0.3 (server/client). We're trying to figure out a way to connect to the database using instantclient and JDBC-OCI and SSL authentication without using a username or password. According to the documentation this should be possible but no sample code is given.
    LD_LIBRARY_PATH is set /opt/app/oracle/product/10.2.0/db_1/lib:/usr/lib:/home/oracle/instantclient where the instantclient was installed from the 10.2.0.1 client software
    and we are using JDK version 1.6.0_03.
    We're also referencing the following paper:
    http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl_2007.pdf
    We've got our client and server wallets configured and the sample code we tried looks like this:
    import java.security.Security;
    import java.sql.*;
    import oracle.jdbc.pool.OracleDataSource;

    // Class name added so the posted fragment compiles; it is not from the original post.
    public class SslAuthTest {
        public static void main(String[] argv) throws Exception {
            DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
            // Register the Oracle PKI provider so the SSO wallets can be read.
            Security.addProvider(new oracle.security.pki.OraclePKIProvider());
            System.setProperty("oracle.net.tns_admin", "/opt/app/oracle/product/10.2.0/db_1/network/admin");
            // Thin-driver URL as posted; this is the version that throws the error below.
            String url = "jdbc:oracle:thin:@orcl";
            java.util.Properties props = new java.util.Properties();
            props.setProperty("oracle.net.authentication_services", "(TCPS)");
            props.setProperty("javax.net.ssl.trustStore",
                "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/server/cwallet.sso");
            props.setProperty("javax.net.ssl.trustStoreType", "SSO");
            props.setProperty("javax.net.ssl.keyStore",
                "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client/cwallet.sso");
            props.setProperty("javax.net.ssl.keyStoreType", "SSO");
            props.put("oracle.net.ssl_version", "3.0");
            props.put("oracle.net.wallet_location",
                "(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client)))");
            System.out.println("At Here...");
            OracleDataSource ods = new OracleDataSource();
            // No username or password: the certificate in the wallet is meant to authenticate.
            //ods.setUser("scott");
            //ods.setPassword("tiger");
            ods.setURL(url);
            ods.setConnectionProperties(props);
            System.out.println("At Here1...");
            Connection conn = ods.getConnection();
            System.out.println("At Here2...");
            Statement stmt = conn.createStatement();
            ResultSet rset = stmt.executeQuery("select 'Hello Thin driver SSL "
                + "tester ' from dual");
            while (rset.next())
                System.out.println(rset.getString(1));
            rset.close();
            stmt.close();
            conn.close();
        }
    }
    When this code is compiled and run, the following error is thrown:
    Exception in thread "main" java.sql.SQLException: invalid arguments in call
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
    If a username and password is supplied, the code works. So does anyone have a working of using SSL to authenticate without supplying username/password?
    Thanks
    mohammed

    Hi,
    I just solved this. I noticed from another thread that I was not using the OCI driver (see below):
    String url = "jdbc:oracle:thin:@pki14";
    Once I changed it to:
    String url = "jdbc:oracle:oci:@pki14";
    The code worked perfectly. One more setting that you'll have to do is to create the user you want to connect as externally:
    create user scott identified externally as
    'CN=acme, OU=development, O=acme, C=US';
    grant connect,create session to scott;
    Note that the DN should be the same as the SSL certificate that you created in your wallet.
    hth
    mohammed

  • Java sp 2-way SSL authentication

    I've written a java stored proc that uses JSSE to implement an HTTPS client to a partner's server. In the past, this strategy has worked well, and we have several successful projects under our belts.
    This time, the partner's server is configured for 2-way ssl authentication. When I try to open the connection from my client, it is reporting-
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate.
    I'm not 100% sure what that means, but I think that it means the server is asking for a public cert from the client, and it isn't happy with what it is getting back.
    Can anyone tell me how to configure the client-side cert in a way that will make it available for my java code running in the Oracle JVM. I understand how to set up the keystore so that it is available for Tomcat, for example, but I'm at a loss to find how to setup client certs for access within an Oracle Java Stored Procedure...
    I hope that I have explained this clearly. If I need to provide more information, just ask.
    Thanks in advance for any help.
    Cole

    http://www.weblogic.com/docs51/classdocs/API_acl.html
    Michael Girdley
    BEA Systems Inc
    "gennot" <[email protected]> wrote in message
    news:[email protected]..
    Could you send me the complete URL of these example, please?
    Thanks
    Enrico
    Michael Girdley <[email protected]> wrote in message
    39b87078$[email protected]..
    The passing of the client's certificate should be automatic to WebLogic. We have an example of getting the client side certificate from inside of WebLogic in our documentation.
    This does not require for SSL to be used from the Web server to WebLogic.
    Thanks,
    Michael
    Michael Girdley
    BEA Systems Inc
    "Bob Simonoff" <[email protected]> wrote in message
    news:[email protected]..
    I have read through the docs and haven't found anything that would address the following confusion:
    Suppose I want to use Apache or IPlanet as the webserver with WebLogic as the back end application server (obviously). I have the need to use 2 way SSL authentication. As I understand it the following applies:
    Client (browser) has a certificate as does the web server. They authenticate each other.
    Now, the web server and weblogic need to communicate. WebLogic, in our environment does authentication via the security realm.
    What do I have to do to get the web server (Apache or IPlanet) to communicate the client's certificate to WebLogic so the WebLogic can perform the authentication?
    Does the communication between the web server and WebLogic also need to be SSL?
    Thanks
    Bob Simonoff

  • SSL authentication between business connector and other system

    Hi everyone,
    One system has to be connected to SAP BC (Business Connector). I want to know how to set up the connectivity between these two systems. Also I want to know how to handle the SSL authentication between these two systems, with complete details for how to do this.
    Thanks in advance.
    Regards
    Karan

    Hi Karan,
    Find everything related to SAPBC at http://service.sap.com/connectors -> SAP business connector.
    For SSL check
    http://service.sap.com/connectors -> SAP business connector -> Tools and Services -> SSL Version.
    Regards
    Juan

  • SSL authentication Connectivity using Oracle JDK1.3

    Please let me know whether Oracle JDK1.3 will support the SSL authentication Connectivity.
    If not what is the workaround to make the SSL authentication connectivity work
    in oracle JDK 1.3
    Since this is urgent, please let us know this information at the earliest.

    Hi,
    Oracle furnishes an embedded Java VM with the database but does not furnish JDKs; there is no such thing as Oracle JDK 1.3.
    You are probably referring to JDBC but which release?
    SSL Authentication is supported in JDBC-Thin 11g and JDBC-OCI pre-11g.
    Kuassi http://db360.blogspot.com

  • Configuring SSL Authentication

    I am attempting to set up SSL authentication in a test environment with Oracle 9.2 on Windows XP. When I try to connect the client I get ORA-28862: SSL connection failed. I switched on client tracing which appears to show that the wallet is being opened successfully but the connection fails on the SSL handshake with ORA-28862 and a minor code of 542. Where can I find out what this minor code means? There doesn't appear to be any further indication of what the problem might be in the trace file but here is the section with the handshake error, any assistance gratefully received:
    [04-DEC-2008 18:44:40:795] ntzCreateConnection: performing NZOS handshake - pass 1
    [04-DEC-2008 18:44:40:795] nzos_Handshake: entry
    [04-DEC-2008 18:44:40:795] nttwr: entry
    [04-DEC-2008 18:44:40:795] nttwr: socket 1772 had bytes written=51
    [04-DEC-2008 18:44:40:795] nttwr: exit
    [04-DEC-2008 18:44:40:795] nttrd: entry
    [04-DEC-2008 18:44:40:795] ntt2err: entry
    [04-DEC-2008 18:44:40:795] ntt2err: soc 1772 error - operation=5, ntresnt[0]=530, ntresnt[1]=53, ntresnt[2]=0
    [04-DEC-2008 18:44:40:795] ntt2err: exit
    [04-DEC-2008 18:44:40:795] nttrd: exit
    [04-DEC-2008 18:44:40:795] nzos_Handshake: exit
    [04-DEC-2008 18:44:40:795] ntzCreateConnection: SSL handshake failed with error 28862.
    [04-DEC-2008 18:44:40:795] ntzchknb: entry
    [04-DEC-2008 18:44:40:795] nttctl: entry
    [04-DEC-2008 18:44:40:795] nttctl: Setting connection into async mode
    [04-DEC-2008 18:44:40:795] ntzchknb: exit
    [04-DEC-2008 18:44:40:795] ntzchknb: entry
    [04-DEC-2008 18:44:40:795] nttctl: entry
    [04-DEC-2008 18:44:40:795] nttctl: Setting connection into callback mode
    [04-DEC-2008 18:44:40:795] ntzchknb: exit
    [04-DEC-2008 18:44:40:795] ntzCreateConnection: returning NZ error 28862 in result structure
    [04-DEC-2008 18:44:40:795] ntzCreateConnection: failed with error 542
    [04-DEC-2008 18:44:40:795] ntzCreateConnection: exit
    [04-DEC-2008 18:44:40:795] ntzdisconnect: entry
    [04-DEC-2008 18:44:40:795] ntzFreeNTZData: entry
    [04-DEC-2008 18:44:40:795] ntzFreeNTZData: exit
    [04-DEC-2008 18:44:40:795] nttdisc: entry
    [04-DEC-2008 18:44:40:795] nttdisc: exit
    [04-DEC-2008 18:44:40:795] ntzdisconnect: exit
    [04-DEC-2008 18:44:40:795] ntzconnect: failed with error 542
    [04-DEC-2008 18:44:40:795] ntzconnect: exit
    [04-DEC-2008 18:44:40:795] nserror: entry
    [04-DEC-2008 18:44:40:795] nserror: nsres: id=0, op=65, ns=12560, ns2=0; nt[0]=28862, nt[1]=542, nt[2]=0; ora[0]=28862, ora[1]=0, ora[2]=0
    [04-DEC-2008 18:44:40:795] nsopen: unable to open transport
    [04-DEC-2008 18:44:40:795] nsbfr: entry
    [04-DEC-2008 18:44:40:795] nsbfr: normal exit
    [04-DEC-2008 18:44:40:795] nsbfr: entry
    [04-DEC-2008 18:44:40:795] nsbfr: normal exit
    [04-DEC-2008 18:44:40:795] nsmfr: entry
    [04-DEC-2008 18:44:40:795] nsmfr: 2348 bytes at 0xdee0b8
    [04-DEC-2008 18:44:40:795] nsmfr: normal exit
    [04-DEC-2008 18:44:40:795] nsmfr: entry
    [04-DEC-2008 18:44:40:795] nsmfr: 492 bytes at 0xdbd2d0
    [04-DEC-2008 18:44:40:795] nsmfr: normal exit
    [04-DEC-2008 18:44:40:795] nsopen: error exit
    [04-DEC-2008 18:44:40:795] nsclose: entry
    [04-DEC-2008 18:44:40:795] nsclose: normal exit
    [04-DEC-2008 18:44:40:795] nladget: entry
    [04-DEC-2008 18:44:40:795] nladget: exit
    [04-DEC-2008 18:44:40:795] nsmfr: entry
    [04-DEC-2008 18:44:40:795] nsmfr: 164 bytes at 0xdd7ea0
    [04-DEC-2008 18:44:40:795] nsmfr: normal exit
    [04-DEC-2008 18:44:40:795] nladtrm: entry
    [04-DEC-2008 18:44:40:795] nladtrm: exit
    [04-DEC-2008 18:44:40:795] nscall: error exit
    [04-DEC-2008 18:44:40:795] nioqper: error from nscall
    [04-DEC-2008 18:44:40:795] nioqper: nr err code: 0
    [04-DEC-2008 18:44:40:795] nioqper: ns main err code: 12560
    [04-DEC-2008 18:44:40:795] nioqper: ns (2) err code: 0
    [04-DEC-2008 18:44:40:795] nioqper: nt main err code: 28862
    [04-DEC-2008 18:44:40:795] nioqper: nt (2) err code: 542
    [04-DEC-2008 18:44:40:795] nioqper: nt OS err code: 0
    [04-DEC-2008 18:44:40:795] niomapnserror: entry
    [04-DEC-2008 18:44:40:795] niqme: entry
    [04-DEC-2008 18:44:40:795] niqme: reporting ORA-28862 error

    Hi Ian,
    Well, I'm pretty sure Oracle Advanced Security is an Oracle product so you may not need to contact Microsoft just yet. :)
    I don't have too much to offer but I can say that I have seen this error when the operating system user used to create the wallet is not the same user that the listener and database services run as (these likely are running as the default Local System account unless you've already changed them).
    That is to say, if a user named "abc" created the wallet the listener and database services should be edited to run as that user using the Log On tab for the service properties. Hopefully that makes sense.
    Perhaps that will help a bit,
    Regards,
    Mark

  • Mutual SSL and NetBeans/JCAPS 6.2

    Hi all,
    I have a question about Mutual SSL for WebServices and NetBeans 6.5.1/JCAPS 6.2 and Metro 1.5 libs.
    I have created the Webservice and client example projects in the WSIT tutorial: CalculatorWS and CalculatorClient (https://wsit-docs.dev.java.net/releases/1.1/WSITTutorial.pdf)
    I have also followed the guidelines in the pdf document "http://mediacast.sun.com/users/Michael.Czapski-Sun/media/CH05_WSSecurityExploration_r0.3.2.pdf" at paragraph 5.9 to make the WebService Mutual SSL. But for some reason it does not work, in my opinion, as Michael is expecting at the start of paragraph 5.9.
    In the client logfile I see that the server certificate is trusted, but in the server log I don't see such a message. How do I know for sure that it's mutual SSL?
    Did someone else get the Mutual SSL working as described by Michael in paragraph 5.9?
    Solutions are welcome.
    Regards,
    Madere.

    This is a problem reported by many; search the forums for their experiences and solutions.

  • Support for Cisco VPN "mutual group authentication"

    Hi,
    Does anyone know of support plans for Cisco VPN mutual group authentication in the built-in VPN client on MacOSX?
    Thanks,
    John

    I would like to know the answer to this as well.
    Thanks,
    Josh

  • SSL Certificate and SSL Authentication

    Hi-
    I'm hoping someone can shed some light on this issue.
    First off, is there a difference between SSL Certificate and SSL Authentication?
    I have a POP account. The Incoming port is set to 110. The Outgoing, 26. (This is according to Bluehost.com). The security settings for both incoming/outgoing are set to none. Everything works fine.
    But if I want extra security, I'll set the incoming to 995 and outgoing to 465.
    If I set the security settings to SSL, do I check "Use secure authentication", or do I have to purchase a SSL certificate to secure the authentication? This is where I'm confused. I tried asking the hosting company but they're not much help.
    Any advice would be appreciated.
    Thanks!

    Hi Imagine,
    You do not need to purchase your own SSL certificate to use secure authentication. The server handles this for you. You just need to make sure the port #s are correct and you simply check mark the SSL boxes and leave authentication on Password at least on most setups. Each host maybe different so you have to double check with them.
    Hope That Helps,
    Eric

  • SSL Authentication in weblogic 5.1

    Hi
    I am using SSL in my weblogic application. So that it asks for the username and
    password while startup. But now i want to mention the username and password in
    weblogic.properties file itself. So that the client need not have to provide the
    username and password. I am using weblogic server 5.1 version.
    How do i do this?
    Hope my question is clear. Please help.
    with regds
    siva

    Hi Michael
    I am using SSL in my application. So that it asks for the certificate username
    and password while startup. But now i want to mention the username and password
    in weblogic.properties file itself. So that the client need not have to provide
    the username and password everytime. I am using weblogic server 5.1 version.
    How do i do this?
    Hope my question is clear. Please help.
    with regds
    siva
    Michael Young <[email protected]> wrote:
    Hi.
    It's not 100% clear to me what you are asking for. Do you want authentication turned off for your application? That will certainly turn off prompting for authentication information. You can set your ACL for your application (in your properties file) to allow everyone to execute it. Something like:
    weblogic.allow.execute.<myApplication>=everyone
    But maybe you want some kind of silent authentication so that not everyone can execute your app? I suppose you could pass authentication info in a cookie. I really don't know enough about your application, though.
    I suggest you post this question in weblogic.developer.interest.security - you have a better chance of getting an answer there for security related questions.
    Hope this helps.
    Michael
    siva wrote:
    Hi all,
    I have the following requirements. I have an application which asks for the authentication information like username and password at first. The application is running in weblogic5.1 server. Is there a way where in weblogic.properties file, I mention the username and password so that the application will not ask for it in the browser.
    please help. It's urgent.
    with regds
    siva
    --
    Developer Relations Engineer
    BEA Support

  • SSL Authentication failure to ASA

    We have a Cisco ASA 5520 running 7.1. We have users that connect via SSL. There are times when a user tries to log on via SSL that they get login failed multiple times, and then say 10 or 30 minutes later authentication will succeed. The failed attempt happens so fast that it is almost like there is no actual attempt at authentication, almost like it is a cache or browser cache setting, because I can use a test PC and log in. When my test PC is having this issue, I can use a second test PC and authentication will work. Does anyone else seem to be experiencing this issue? Could it be a browser issue? Users are using a combination of IE 6.0 and IE 7.0.
    Thanks

    Verify your RADIUS configuration with the Test button on the AAA Server Groups configuration screen. Once you supply a username and password, this button allows you to send a test authentication request to the ACS server.
    Choose Configuration > Remote Access VPN > AAA Setup > AAA Server Groups.
    Select your desired AAA Server group in the top pane. Select the AAA server that you want to test in the lower pane. Click the Test button to the right of the lower pane. In the window that appears, click the Authentication radio button, and supply the credentials with which you want to test. Click OK when finished

  • SSL authentication in Applet, the next step?

    Hi,
    In the following code:
         private RssReader rssReader;
         private void createFeed() {
              rssReader = new RssReader("https://{username}:{password}@{domain}/mymon/index.php?{anaction}=rss.showrss&server_id=&ident=&statusnr=2&block=7&wwwauth=1");
              System.out.println ("TlsModel.createFeed; rssReader created");
              rssReader.readRSSFeed();
              System.out.println ("TlsModel.createFeed; read Feed");
         }
    I got the following error:
    TlsModel.createFeed; rssReader created
    IOException java.io.IOException: Server returned HTTP response code: 401 for URL: https://{username}:{password}@{domain}/mymon/index.php?{anaction}=rss.showrss&server_id=&ident=&statusnr=2&block=7&wwwauth=1
    -1
    TlsModel.createFeed; read Feed
    We configured the feeder to allow "username" to read the feed. But still the 401 server response. What would you suggest I do now?
    TIA,
    Abel
    Edited by: Abel on Jan 18, 2008 8:36 AM
    Changed title

    I have been reading the 'JSSE Reference Guide for Java SE 6' document (http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html).
    What I can't seem to wrap my head around is what I need to do in a client (the Applet mentioned in the previous post) to authenticate. I know it should be possible, as there is a getNeedClientAuth() (Returns true if the socket will require client authentication) method in javax.net.ssl.SSLSocket.
    So, through what hoop do I need to jump through to be able to authenticate a user in the Applet?
    Background:
    I want to read the contents of a RSS Feed coming from a https page. The user of the Applet needs to authenticate him/herself using his/her username and password.

  • SSL Authentication Error While consuming HTTPS webservice

    Hi, I am calling a JAX-RPC Webservice method through HTTPS. I am getting a 403 Forbidden error followed by a message, "Your browser sent a query that could not be understood by the server."
    The following is the SSL debug Trace
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <CN=xxxxxx, OU=xxxxxx, O=xxxxxx, L=xxxxxx, ST=xxxxxx, C=xx, EMAILADDRESS=xxxxxx>
    <CN=xxx>
    <CN=xxx, DC=testcore, DC=test, DC=dir, DC=xxx, DC=com>
    <OU=TOC, O="xxx", C=xx, ST=xx, CN=xx Certificate Authority>
    <CN=xxxxxx, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xxx, EMAILADDRESS=xxx>
    <CN=xxxxxx>
    *** ServerHelloDone
    *** Certificate chain
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 35, 197, 161, 73, 249, 145, 160, 45, 56, 58, 176, 22, 174, 98, 174, 200, 1, 114, 151, 172, 122, 33, 46, 205, 154, 235, 253, 206, 42, 24, 20, 144, 7, 214, 139, 49, 23, 150, 5, 91, 58, 16, 163, 106, 159, 7 }
    main, WRITE: TLSv1 Handshake, length = 141
    main, WRITE: TLSv1 Change Cipher Spec, length = 1
    *** Finished
    verify_data: { 2, 28, 187, 61, 50, 197, 78, 249, 28, 45, 76, 180 }
    main, WRITE: TLSv1 Handshake, length = 32
    main, READ: TLSv1 Change Cipher Spec, length = 1
    main, READ: TLSv1 Handshake, length = 32
    *** Finished
    verify_data: { 107, 249, 181, 226, 207, 255, 168, 247, 141, 30, 175, 222 }
    %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    main, WRITE: TLSv1 Application Data, length = 333
    main, WRITE: TLSv1 Application Data, length = 807
    main, READ: TLSv1 Application Data, length = 181
    java.rmi.RemoteException: HTTP Status-Code 403: Forbidden; nested exception is:
    HTTP Status-Code 403: Forbidden
    at xxx.EnrolmentReportingWebServiceServantInterface_Stub.getEnrolmentChangeSetByApplication(EnrolmentReportingWebServiceServantInterface_Stub.java:169)
    at webAgent.main(webAgent.java:16)
    Caused by: HTTP Status-Code 403: Forbidden
    at com.sun.xml.rpc.client.http.HttpClientTransport.checkResponseCode(HttpClientTransport.java:355)
    at com.sun.xml.rpc.client.http.HttpClientTransport.connectForResponse(HttpClientTransport.java:288)
    at com.sun.xml.rpc.client.http.HttpClientTransport.invoke(HttpClientTransport.java:109)
    at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:113)
    at xxxxxx.EnrolmentReportingWebServiceServantInterface_Stub.getEnrolmentChangeSetByApplication(EnrolmentReportingWebServiceServantInterface_Stub.java:145)
    ... 1 more
    I am stuck at this point. The Certificates provided by the Webservice team , they are saying is verified.
    Any help will be appreciated. Thanks in advance.
    Edited by: 869912 on Jul 3, 2011 12:43 AM

    The client appears to have sent an empty certificate chain. That would mean it doesn't have a certificate available that matches what was specified in the CertificateRequest. Maybe it doesn't have a keystore at all.
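
The reply above reads the empty chain off the trace: once the server has sent `*** CertificateRequest`, the client's `*** Certificate chain` header is followed directly by `*** ClientKeyExchange`. The following Python check is an added example, not part of the thread; it automates that reading for the older `javax.net.debug` layout quoted in the post. It assumes a non-empty chain is printed as `chain [N] = [` entries with `Issuer:` lines; the sample traces are constructed and the function names are hypothetical.

```python
import re

# Constructed samples in the older JSSE "javax.net.debug=ssl" layout quoted in
# the post above; every name in them is a placeholder.
EMPTY_CHAIN_TRACE = """\
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=server.example.test
  Issuer: CN=Example Root CA
]
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=Example Issuing CA, O=Example, C=US>
<CN=Example Root CA>
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 141
"""

CLIENT_CERT_TRACE = """\
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=Example Issuing CA, O=Example, C=US>
*** ServerHelloDone
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=client1, O=Example, C=US
  Issuer: CN=Example Issuing CA,O=Example,C=US
]
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
"""

CHAIN_ENTRY = re.compile(r"^chain \[\d+\] = \[")


def normalize_dn(dn):
    """Simplified DN comparison key: case-folded, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def analyze_client_auth(trace):
    """Summarize the client-authentication part of the first handshake."""
    info = {"requested": False, "authorities": [],
            "client_message_seen": False, "client_certs": 0, "issuers": []}
    section = None
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith("***"):
            if section == "client_chain":
                break  # the client's Certificate message is complete
            name = line.lstrip("*").strip()
            if name.startswith("CertificateRequest"):
                info["requested"] = True
                section = "request"
            elif name.startswith("Certificate chain") and info["requested"]:
                # A chain printed before CertificateRequest is the server's.
                info["client_message_seen"] = True
                section = "client_chain"
            else:
                section = None
        elif section == "request" and line.startswith("<") and line.endswith(">"):
            info["authorities"].append(line[1:-1])
        elif section == "client_chain":
            if CHAIN_ENTRY.match(line):
                info["client_certs"] += 1
            elif line.startswith("Issuer:"):
                info["issuers"].append(line[len("Issuer:"):].strip())
    return info


def diagnose(trace):
    """Map the summary to one verdict string."""
    info = analyze_client_auth(trace)
    if not info["requested"]:
        return "NO_CLIENT_CERT_REQUESTED"
    if not info["client_message_seen"]:
        return "TRACE_INCOMPLETE"
    if info["client_certs"] == 0:
        return "EMPTY_CLIENT_CHAIN"
    wanted = {normalize_dn(dn) for dn in info["authorities"]}
    sent = {normalize_dn(dn) for dn in info["issuers"]}
    # An empty authorities list means the server named no preferred issuer.
    if not wanted or wanted & sent:
        return "CLIENT_CERT_SENT"
    return "CLIENT_CERT_ISSUER_NOT_REQUESTED"


if __name__ == "__main__":
    for label, trace in (("empty", EMPTY_CHAIN_TRACE), ("cert", CLIENT_CERT_TRACE)):
        print(label, diagnose(trace), analyze_client_auth(trace)["authorities"])
```

An `EMPTY_CLIENT_CHAIN` verdict points at the client key store (missing, not configured, or holding no key entry issued by one of the listed authorities), which is where the reply directs attention.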

  • Error on Invalid certificate serial number while configuring mutual SSL

    Hi Guys,
    I encounter this error (refer below) while running the EAI Outbound Body proxy. I'm currently trying to do an outbound web service with a third party who uses SSL.
    Based on Oracle Support I have followed how to import the CA certs, and I have also added these two parameters in my outbound body proxy.
    siebel_transport_param:HTTPCertAuthority  = "CN=Siebel Test,OU=Oracle"
    siebel_transport_param:HTTPCertSerialNo =11223344
    I hit error:SBL-EAI-04116: HTTP Internet Exception during 'Data Send': 'The connection with the server was reset', code: '12031'
    When I check log file it says,
    Switched transport service direction to: 'Outbound'
    Error     Error     1     0000069e4f9a4e03:0     2012-04-27 19:55:30     Invalid certificate serial number ?11223344
    EAITransport     EAITransportDebug     4     0000069e4f9a4e03:0     2012-04-27 19:55:30     Could not load the client certificate
    EAITransport     EAITransportDebug     4     0000069e4f9a4e03:0     2012-04-27 19:55:30     *** HTTP Transport Parameters:
    EAITransport     EAITransportDebug     4     0000069e4f9a4e03:0     2012-04-27 19:55:30     Request URL = https://Uknown/Uknown.asmx
    EAITransport     EAITransportDebug     4     0000069e4f9a4e03:0     2012-04-27 19:55:30     Request Method = POST
    EAITransport     EAITransportGeneric     3     0000069e4f9a4e03:0     2012-04-27 19:55:30     Dropped old connection and creating new connection for 'Request'
    Error     Error     1     0000069e4f9a4e03:0     2012-04-27 19:55:30     Invalid certificate serial number ?11223344
    EAITransport     EAITransportDebug     4     0000069e4f9a4e03:0     2012-04-27 19:55:30     Could not load the client certificate
    I tried to verify the cert I imported again and it says
    Serial Number : 11 22 33 44
    Issuer : CN=Siebel Test,OU=Oracle
    Guys, do you know what I'm missing?
    1) I have already checked that my inbound parameter does not have white spaces like this => 11223344
    2) I have added the double quotation marks in my HTTPCertAuthority because I suspected they are required for an Issuer value with spaces.
    3) When I try to import from Siebel it puts the cert into the intermediate certification tab, but when I import to IE it went to the other people tab. Is this expected?
    The cert is working when I import it to IE and go to this URL: https://Uknown/Uknown.asmx
    Thanks for reading,
    I hope some guys put some light
    Regards,
    Joey , MY

    See here:
    Audition 3 and the activation service
    and here:
    Error: Activation Server Unavailable | CS2, Acrobat 7, Audition 3
