Nodemanager SSL Config

Anyone knows how to configure the SSL for nodemanager?

please refer to http://e-docs.bea.com/wls/docs70/secmanage/ssl.html <br> for more
information.
Mike Han <[email protected]> wrote:
Anyone knows how to configure the SSL for nodemanager?

Similar Messages

Https ssl config Oracle AS, webcache, portal...almost works

Hi,
I have searched the forums and I havent found anything that works for me.
I have Oracle infrastructure on one server, and Oracle App server/portal on another server. I can get as far as the http server showing the "welcome to oracle" page in https form. When I try to access a page in the portal (plsql) I get a blank page. It does convert the "https://myserver:xxxx//pls/portal/url/page/IRWEB/HOME
" to "https://myserver:xxxx/portal/page?_pageid=73,86254,73_86264:73_86316:73_8632...." but nothing comes up.
Also, it uses the Infrastructure server for single-sign-on...so I need to make the app server do the single sign-on. I've tried by adding /pls/orasso entry in DADS.conf of http server..
So as far as I can tell...the http server IS operating in https/ssl, but the single-sign-on and the pages in the portal are not.
I have to do everything manually since I am using 10.1.2 (no Oracle Collab Suite installed, so no SSLConfigTool and other assistants)
Here is what I've done to get https://myserver:xxxx/ to come up ok.
server 1: Oracle Infrastructure and Oracle database release 1 10.1.2.0.0
server 2: Oracle Application Server / Portal with webcache release 2 10.1.2
using Oracle Wallet for certificate,
http server -> process management "ssl-enabled",
http server -> advanced -> ssl.config: SSLWallet file:, SSLWalletPassword, virtual host for ssl
webcache -> added settings for ssl (I used the current entries for non-ssl as a guide for the ssl entries)
Interesting issue...with the ports in the ssl.conf file example:
Port 4459
Listen 4459
VirtualHose myserver.blah.edu:4450
Port 4458
When I get the blank page trying to use ssl and 4459, I can manually change the url in my browser to 4458 (or maybe its the other way around) and get this message: "Error: The portlet could not be contacted"
Is this a problem with webcache? Do I have to do any ssl config on the server with the database?
I've even tried disabling the webcache, both with the oracle sql script and through web interface but neither made a difference...same problem.
Any help would be greatly appreciated..I feel as if I'm almost there.
If I did not post enough info for accurate help, please ask what you need to know to provide help! Thanks in advance.

Hi,
Yes you can go for SSl configuration without re-installing any of the components.
Regards,
access_tammy

SSL config

Dear Sir,
I have a pair of 11501, which load balance two SSL server behind them. The cert is stored in SSL server(10.106.13.20 & 21). The external vip is 10.106.13.224.
I read the SSL Config Gide and made the below configuration. Can you check if my config below is ok?
ssl-proxy-list PIS-SSL-LIST
backend-server 1
backend-server 1 type backend-ssl
backend-server 1 ip address 10.106.13.224
backend-server 1 server-ip 10.106.13.20
backend-server 1 version ssl3
backend-server 1 session-cache 300
backend-server 1 tcp virtual ack-delay 0
backend-server 2
backend-server 2 type backend-ssl
backend-server 2 ip address 10.106.13.224
backend-server 2 server-ip 10.106.13.21
backend-server 2 version ssl3
backend-server 2 session-cache 300
backend-server 2 tcp virtual ack-delay 0
active
service PIS-SSL-SERVICE
type ssl-accel-backend
ip address 10.106.13.224
add ssl-proxy-lit PIS-SSL-LIST
active
owner PIS-SSL-OWNER
content PIS-SSL-VIP-1
vip adddress 10.106.13.224
port 80
advanced-balance arrowpoint-cookie
url "/*"
add service PIS-SSL-SERVICE
active
Thanks

this is totally wrong unfortunately.
What are you trying to achieve here ?
Normally the connection between CSS and server does not need to be encrypted because they are close to each other.
You probably want to encrypt the connection from the client to the CSS since this connection goes throug the Internet.
Is this what you need ?
Here are sample configs:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/examples.html#wp999094
backend-ssl is @
SSL Transparent Proxy Configuration - HTTP and Back-End SSL Servers
You will see that you did many mistakes, like ip addresses used in the ssl-proxy-list.
Gilles.

SSL-Config: Oc4J does not reload keystore/truststore at runTime

Hi all, i have a little question about the SSL-Config into OC4J.
I have a webApp bound to a secure web site that requires mutual-authentication. If I add at run-time (without stopping OC4J) a trusted entry (a CA) to the keystore the secure-web-site is related to, OC4J does not "reload" the keystore with the new entry. Thus, i have to restart the OC4J to be able to accept SSLconnection that are authenticated by means of that new CA. The qeustion is: Does it exist a conifguration that has to be performed to reload at run-time a keystore in OC4J or it's necessary to restart OC4J each time a new entry to a keystore mapped for a given secure-web-site is added?
I hope someone can give me a tip,
Best Regards

Hi I tried this with latest 10.1.3 Developer Preview 4 and it worked great and I could start OC4J standalone in https mode. Can you please download the latest version of OC4J 10.1.3 DP4 stand-alone and try in there ? The OC4J version embedded with JDev 10.1.3 Preview is pretty old and there have been many bugs fixed since then
http://www.oracle.com/technology/tech/java/oc4j/index.html
-Debu

Nodemanager SSL configuration

I am having problems with the SSL hostname verification check between a
manager server and the nodemanager that controls it. How can I disable
nodemanager SSL hostname verification check?
Thanks.

I could not find any property to disable nodemanager host name
verification. Perhaps there are more properties than the ones defined al
that URL
cheers
"Gaurav Chawla" <[email protected]> escribió en el mensaje
news:[email protected]..
Hi Jose,
http://edocs.bea.com/wls/docs81/adminguide/confignodemgr.html#1143202
Here is the list of properties you could use. When the node managerstarts,
the list it prints is all you need. You could copy the properties from
there and specify them either on the command line or in the
nodemanager.properties file.
cheers,
gaurav.
On Thu, 17 Jul 2003 16:41:47 -0300, Jose <[email protected]>
wrote:
>
Hi, thanks for answering
Where can I get more information about the syntax of the flags you
mentioned?
Do I have to put them in the nodemanager.properties file?
cheers
"Gaurav Chawla" <[email protected]> escribió en el mensaje
news:[email protected]..
Hi Jose,
There is a flag when you start the node manager. The node managerspecifies
the name of all the flags which you could use to turn off host name
verification in the node manager. For the admin server, you can change
it
using the console.
cheers,
gaurav.
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

Problems with config nodemanage SSL setings weblogic10.3

Hi,
I am new to build weblogic cluster. But I got some problems when I build it.
I tried to build a simple architecture as a demo to understand the cluster.
I have two PCs with XP
PC1 and PC2
I defined machine0 to PC1 and machine1 to PC2 in the weblogic.
pc1 IP:192.168.1.102
pc2 IP:192.168.1.103
I created a domain on the PC1 testDomain
I created a admin server and one node on the PC1(machine0):testAdmin, testNode1
I created another node on the PC2(machine1):testNode2
Cluter: testCluster, testNode1, testNode2 added
Cluster Address:192.168.1.102
I launch the nodeManager menully.
I wanted to start testNode1 in the admin console(web page)
It's seems working, I can see the status changed to "RUNNING". But I got the message in the console
Invalid/unknown SSL header was received from peer localhost - 127.0.0.1 during SSL handshake
It seems there is something wrong with the SSL handshanke, this message will appeared when I enter the
testDomain->Environment->Server page in the admin console.
I launched the nodeManager with the SecureListener=false
and the setting in the testAdmin, testNode1, testNode2 is SSL Listen Port Enabled UNCHECKED
keystores setting is "Dome identity and Demo Trust"
In the machine0 the node manger tab Type is Plain.
My question is:
1. I didn't setting the SSL why the server will use SSL to communitate each othe.
2. If I want to use Nodemanager to control the node server, is the SSL must be setting?
3. What cause the message I got, is between nodemanager and testAdmin or testAdmin and testNode1? Is there any way to solve it?
4. I found weblogic tool utils.CertGen can generate SSL certificates, how to use it to recreate the DemoIdentity.jks and DemoTrust.jks, is it possible?
My operations are all focus on the PC1 I believe the SSL setting is the cause, please give me some advise.
Thanks

Make sure you restart the nodemanger service or script when you make changes to the nodemananger.properties file. They don't usually pick up on the fly. Previous post was correct in that the errors are probably within the cert. Turn off SSL and test and it will confirm. If still getting issues turn off the hostname verifier on the admin server (on keystore page or SSL under the admin server config).

Nodemanager ssl handshake wls9.2

I started Adminserver and Nodemanager manually.
When I try to see the Nodemanager status in the adminconsole I get:
I/O error while reading domain directory: java.io.FileNotFoundException: Domain directory 'C:\win32app\bea\weblogic92\common\nodemanager' invalid (domain salt file not found)
The Nodemanager logfile says:
<30.01.2007 09:52:01> <Warning> <Uncaught exception in server handler: javax.net.ssl.SSLHandshakeException: [Security:090476]Invalid/unknown SSL header was received from peer localhost - 127.0.0.1 during SSL handshake.>
javax.net.ssl.SSLHandshakeException: [Security:090476]Invalid/unknown SSL header was received from peer localhost - 127.0.0.1 during SSL handshake.
and
<30.01.2007 09:52:29> <Warning> <I/O error while reading domain directory: java.io.FileNotFoundException: Domain directory 'C:\win32app\bea\weblogic92\common\nodemanager' invalid (domain salt file not found)>
java.io.FileNotFoundException: Domain directory 'C:\win32app\bea\weblogic92\common\nodemanager' invalid (domain salt file not found)
     at weblogic.nodemanager.server.DomainManager.initialize(DomainManager.java:71)
     at weblogic.nodemanager.server.DomainManager.<init>(DomainManager.java:43)
     at weblogic.nodemanager.server.NMServer.getDomainManager(NMServer.java:239)
     at weblogic.nodemanager.server.Handler.handleDomain(Handler.java:210)
     at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:105)
     at weblogic.nodemanager.server.Handler.run(Handler.java:66)
     at java.lang.Thread.run()V(Unknown Source)
startNodemanager.cmd has not been changed.
What I saw is, that Nodemanager is running with jRockit, my Adminserver is running on the wls92 jdk150_04.
What is wrong ?
Thanks Thomas

Tried changing parameters -
DomainsFile=D\:\\bea10\\WEBLOG~1\\common\\NODEMA~1\\nodemanager.domains
LogLimit=0
PropertiesVersion=10.0.0.0
javaHome=d\:\\bea10\\jrockit90_150_06
AuthenticationEnabled=true
NodeManagerHome=D\:\\bea10\\WEBLOG~1\\common\\NODEMA~1
JavaHome=d\:\\bea10\\jrockit90_150_06\\jre
LogLevel=INFO
DomainsFileEnabled=true
StartScriptName=
ListenAddress=
NativeVersionEnabled=true
ListenPort=5556
LogToStderr=true
SecureListener=true
LogCount=1
StopScriptEnabled=false
QuitEnabled=false
LogAppend=true
StateCheckInterval=500
CrashRecoveryEnabled=false
StartScriptEnabled=false
LogFile=D\:\\bea10\\WEBLOG~1\\common\\NODEMA~1\\nodemanager.log
LogFormatter=weblogic.nodemanager.server.LogFormatter
ListenBacklog=50
but same error -
<Feb 8, 2007 10:10:42 AM> <INFO> <Secure socket listener started on port 5556>
<Feb 8, 2007 10:10:52 AM> <INFO> <jmsdomain> <States = {AdminServer=UNKNOWN, man
2=UNKNOWN, man1=UNKNOWN, domain_bak=UNKNOWN}>
<Feb 8, 2007 10:10:55 AM> <Warning> <I/O error while reading domain directory: j
ava.io.FileNotFoundException: Domain directory 'D:\bea10\weblogic100tp\common\no
demanager' invalid (domain salt file not found)>
java.io.FileNotFoundException: Domain directory 'D:\bea10\weblogic100tp\common\n
odemanager' invalid (domain salt file not found)
at weblogic.nodemanager.server.DomainManager.initialize(DomainManager.ja
va:81)
at weblogic.nodemanager.server.DomainManager.<init>(DomainManager.java:5
3)
at weblogic.nodemanager.server.NMServer.getDomainManager(NMServer.java:2
52)
at weblogic.nodemanager.server.Handler.handleDomain(Handler.java:218)
at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:109)
at weblogic.nodemanager.server.Handler.run(Handler.java:66)
at java.lang.Thread.run()V(Unknown Source)
Regards,
Sid

2 way ssl config in WLS 8.1

Problem: Server(any web app runing on WLS 8.1 SP2 on win2000) need to authenticate
clients(browser) without prompting for userid & passwords just through digital
certificate. With out writing any programming in deployed Java app . Only through
server side config can be done.
Soluton : We are trying to use the 2-way ssl in WLS 8.1 SP2 running on win2000.
To begin with development, we are just using the Demo cert. This is being tested
on same machine both client and server. This works perfectly fine for 1-way ssl
no need to do any config. To extend this config for 2-way.
I need a one more digital cert for client.
I create the client digital cert/private key using Cert Gen utility.
Now the confusing part how to add this to Server Trust key store.
There are no proper doc on how to continue further.
Different places say different things to do.
If any one can provide some example steps how to do it will be great.
Thanks in advance.
--Prav

Did you use the Demo CA to issue the new certificate (CertGen uses it by default)?
Then you do not need to do anything. The CA certificate already exists in the
DemoTrust.jks.
Otherwise you can use keytool to import trusted certificate into a keystore. See
this page for more info: http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1178523
Pavel.
"prav" <[email protected]> wrote:
>
Problem: Server(any web app runing on WLS 8.1 SP2 on win2000) need to
authenticate
clients(browser) without prompting for userid & passwords just through
digital
certificate. With out writing any programming in deployed Java app .
Only through
server side config can be done.
Soluton : We are trying to use the 2-way ssl in WLS 8.1 SP2 running on
win2000.
To begin with development, we are just using the Demo cert. This is being
tested
on same machine both client and server. This works perfectly fine for
1-way ssl
no need to do any config. To extend this config for 2-way.
I need a one more digital cert for client.
I create the client digital cert/private key using Cert Gen utility.
Now the confusing part how to add this to Server Trust key store.
There are no proper doc on how to continue further.
Different places say different things to do.
If any one can provide some example steps how to do it will be great.
Thanks in advance.
--Prav

Nodemanager & SSL

Is it necessary to use SSL for communication between the nodemanager and the managed
servers. If not, how is that set up.
Thanks.

Hi Sheila,
All the communication between Admin <-> NodeManager <-> Managed server
happens over SSL. In 8.1 SSL is set up OOTB so you shouldn't have to do
anything with respect to this unless you want to move to production certs.
For more details see
http://edocs.bea.com/wls/docs81/adminguide/confignodemgr.html#1159961
If you have pre-8.1 installation, it requires some set up for SSL as there
is no non-SSL option for Node Manager communication as it is considered a
security risk.
Here is more information on configuring 7.0 Node manager.
http://edocs.bea.com/wls/docs70/admin_domain/nodemgr.html
cheers,
gaurav.
On 22 Aug 2003 07:55:08 -0700, Sheila <[email protected]> wrote:
>
Is it necessary to use SSL for communication between the nodemanager and
the managed
servers. If not, how is that set up.
Thanks.
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

Soap RECEIVER adapter ssl config

we are consuming a web service in sap ECC system via XI using SSL. So I configured receiver soap adapter. Imported the certificate provided by web service provider to J2EE visual admin key store. However I am not able to see my ceritificates popluated in my communication channel selection list.
Could you please provide steps to configure SSL in receiver soap adapter not for Sender adapter.
Thanks.
Bijay

Okay, so this is a client certificate and not a CA certificate, right?
In this case, you need to import the client certificate under ICM_SSL_xxx and you can find SSL_Provider if you scroll completly down. You need to import the private key of the client certificate under ICM_SSL_xxx.
Only CA certificates goes in TrustedCA view. You can create a new view ICM_SSL_xxx or put the certificate under any existing ICM_SSL_xxx view, it doesn't matter.
Do this step and let me know if it works. Might be, there is no requirement for private key at this point of time. It completely depends how the receiving system will accept and verify the call from PI server.
Since it's a client certificate, they must be having public and private keys. But this certificate has to be signed by some one like VeriSign and they provide a different key to make it more secured. But anyways, you don't need to go in so much of details right now.
Follow the steps that I mentioned above and hopefully, it should work.
Regards,
Neetesh

SSL config in PORTAL

To all the Portal Guru's out there....I have a two simple questions....
I have two servers - one that holds the MR (repository) and one that holds the OID Infrastructure and Portal tiers (2 different mount points)
This is a new install - and upgraded to 10.1.4. With the OID and portal tiers on the same server, it is possible to SSL enable access to the portal (i.e. HTTPS in place of currently HTTP) - without having to re-install.......the entire stack.....
Is it also wise to go ahead and do this - in other words, does religiously adhering to Sec 5.2 of the Oracle® Application Server Portal Configuration Guide
10g Release 2 (10.1.4) B19305-03 - get me to enable SSL through out the portal?
Thanks

Hi,
Yes you can go for SSl configuration without re-installing any of the components.
Regards,
access_tammy

Console cannot connect to ldap after SSL config

Hi,
I configured our iplanet DS 5.0 to use SSL (requested cert from DS, signed and created a new cert with openSSL, verified that DS could read that cert, and turned on ssl). Restarted DS and admin-serv. The ldap is working but ldaps is not. The console is unable to connect to DS and just hangs when trying to connect. The console is configured to connect to ldap not ldaps, but when I view the configuration for DS in console it shows port 636. So -
- how do I make the console use port 389 to connect to the DS?
- What do I need to do to get ldaps working?
TIA.
Raj Dolas

There are some limitations in using the Console when SSL is enabled for the Directory Server. These are documented... in the release notes at least.
Regards,
Ludovic.

SSL Config for SAP webgui service of ABAP

Hi Gurus,
We have a duel stack system, details are as follows:
ECC 6.0 SR2
ABAP Stack 11
Java Stack 13
we want to access the webgui via internet and for this we have configured the webdispatcher which is behid the firewall. we had created the ccr and got the CA response which is imported in the Dispatcher. So the traffice from the end user to Dispatcher is SSL enabled. Then we did same thing for ABAP as well and now the completed trafic is SSL enabled. Our problem is...
when we use the URL to login to webgui it changes the url and hence does not work from internet. Please note that we dont want to expose our ECC system to public netowrk.
e.g :
https://portal.mycompany.com:8100 --> this is the web dispatcher URL this should give us the login screen and stay as it is all the time. But ......when it gives the login screen it gets changed to
https://ecc60server.mycompany.com:8000 --> and as the ECC server cant be accessed via internet this URL fails when we are outside the company network.
similarly for the Java stack of the same system also we have the URL and it works just fine.
rewards will be awarded for the solutions....
Pravin

Hi Pravin,
So if I get it right, you need an End-to-End SSL setup for you WebDispatcher.
This means that the Webdispatcher simply re-directs the calls but still shows the official url to the client.
I think you have a problem in the webdispatcher profile.
there should be one entry like
icm/server_port_0 = PROT=ROUTER,PORT=443
This means that the webdispatcher is listening for traffic on port 443.
then there should be another entry like
icm/server_port_1 = PROT=HTTPS,PORT=0
this means that the webdispatcher does not listen to this port (PORT=0) but simply send data to it.
Then, the actual connection to the ABAP-system
ms/https_port = 8101 (or whatever port you used for https)
rdisp/mshost = <full.host.name.including.domain.name>
another important parameters is: wdisp/server_info_protocol = https

SSL Config on Tomcat

Hi Experts:
My Apache+SSL is working now - thanks to you all. I checked it using https://www.hari.com.
However, I have a small Application which contains JSP+Servlets which calls Oracle DB via JDBC. This application is working fine when I type http://www.hari.com:8080/hari/index.jsp but when I try HTTPS as https://www.hari.com:8080/hari/index.jsp it does'nt work - ie page does'nt shows up.
I know that HTTPS listens to port 443 and my Application(Tomcat+JBoss) listens to port 8080 - so how do I integrate both the ports to work together? Any useful information on above is appreciated.
THANKS!
HARI

Hi
I guess that you haven't changed the pot that Tomcat listens for SSL connections.If not the default port for SSL is 8443 for Tomcat. SO if you want your application to run via SSL you must use s.g like https://localhost:8443/......
if u use 8080 it won't run. The connection to the database should be again to the 8080 port, but the servlet should listen to 8443 for SSL. Check the port in the server.xml file

SSL Config problem

Hi all,
I uploaded a cert file and I am getting a runtime error when I try to delete a wrong certificate from Key Store in Visual Admin.
Can you tell me how to delete the certificate?
Thank you in advance.
Regards,
Subu

This should not happen. Check if the entries in the orasso.wwsec_papp_configuration_in_t point portal to the right SSO entries. Also check if the OIDDAS operation url's are correct in the oid.
cu
Andreas

Nodemanager SSL Config

Similar Messages

Maybe you are looking for