OIM11gR2 AD Connector SSL Configuration

Hi,
Can anyone provide me the steps to configure SSL between OIM - Connector Server - Active Directory?
We followed the steps provided in the AD Connector guide, but that does not seem to work. In the connector server logs, we see "SystemNotSupportedException: The certificate should be associated with private key". The steps we did were:
1. Exported root certificate from AD Server
2. Created sslstore on Connector server and updated connectorserver.exe.config file
3. Enabled SSL in Connector Server ITResource.
If you were successful configuring SSL, please provide us the steps for the same.
Thanks,
Hrushi

Hi GP/PK,
Does that mean the trust certificate of AD is used for SSL configuration between OIM and Connector Server? I am not sure how this is gonna work. However, I have followed the steps in sections 2.3.2.2 to 2.3.2.4 in the link provided by you, but still I get the error posted earlier.
Could you please list the steps for SSL configuration?
Also, could you point me to the document which says Connector Server uses internal SSL to communicate to AD.
Also, in our environment, connector server is installed on a separate machine and not on the machine where AD is running.
Thanks,
Hrushi
Edited by: 920194 on Sep 10, 2012 11:57 PM
Edited by: 920194 on Sep 10, 2012 11:59 PM

Similar Messages

  • Need some help in SSL Configuration in R12

    Hi All,
    I am facing challenges in configuring SSL in R12. I am not able to get the bigger picture of the SSL configuration. If anybody has done this before, please share your knowledge.
    Thanks in Advance.
    Reddy

    Hi Hussein
    The below are the steps I am trying to implement.
    Section 3 : Middle Tier Setup
    The default location for the wallet in Release 12 is $INST_TOP/certs/Apache. This directory contains a wallet with demo certificates. If you wish to use these certificates for testing start with Step 8 below to configure SSL
    Decided to test the application with demo certificates.
    Step 8: Update the Context File.
    Updated the context file as per the recommendations.
    Step 9 - Run Autoconfig
    Finished
    Section 4: Database Tier Setup
    Here I got confused. Whether to proceed or not ?
    Thanks
    Reddy

  • PI 7.31 Dual Stack SSL configuration

    HI Gurus,
    I have a quick query, I am configuring SSL on my PI 7.31 systems.
    I have checked all the standard guides and forums but I have one doubt.
    Q1 - Is it necessary to configure SSL both in ABAP and JAVA side ?
    Q2 - If I just configure SSL in STRUSTSSO2 in ABAP , will it be more than enough ?
    Q3 - In what cases do we need to configure SSL in JAVA side ? And does configuring SSL in JAVA mandatory require sapcryptolib files ?
    Please share your views.
    Cheers, SG

    I want to understand is it necessary to configure SSL in both ABAP and JAVA in case of dual stack PI ?
    >>> Please refer to Huseyin's comments in the below thread..
    PI 7.3 Dual Stack SSL configuration
    In what cases do we use JAVA SSL in Dual stack system ?
    >>> AFAIK - when you use http_aae adapter/soap with https then you should configure the SSL on java stack.

  • Syclo Work Manager 6.1 SSL Configurations

    Hello Experts,
    We have a "Communication Error 14" on Device and ATE. I have worked on WM 5.2 and 6.0 and am aware of the SSL configurations. I have generated a self-signed certificate and a PFX file using OpenSSL. Now, with SMP 3.0 SP03, we are not able to find how to configure the Agentry.ini and where to copy the .sst file.
    Can someone help us understand how to make this work? Is there a workaround for HTTP communication without SSL, and any document on this which can help?
    Is SSL/pfx mandatory to have in 6.1 while testing with ATE?
    Regards,
    Sarika

    Hi Stephen,
    Yes, I have to change the FQDN name to IP to work with Management console, only I will get logon screen. Similarly I have tried to do the same in ATE & WPF client.
    In Management Console, while having the FQDN in the URL,
    https://jilan.wirelessap:8083/Admin/
    the error is below. But when I change to IP it works.
    This page can't be displayed
    Make sure the web address https://jilan.wirelessap:8083 is correct.
    Look for the page with your search engine.
    Refresh the page in a few minutes.
    Make sure TLS and SSL protocols are enabled. Go to Tools > Internet Options > Advanced > Settings > Security
    Similarly, in WPF/ATE, if the FQDN is in the URL, I get the Communication Error (14).
    Requesting Public Key from Server
    Communications error (14)
    Connection failed
    Ending transmission
    Is any mapping needed on my laptop between FQDN and IP address?
    Thanks,
    Jilan

  • Changing SSL configuration on MedRec

    Hi,
    We are developing a custom Auditing Provider for WLS. Our provider needs to communicate via https to a remote system, and thus we need to configure SSL in order to use the correct client certificate and trust the remote server's.
    We are using the sample MedRec application bundled with WLS for testing purposes, but no matter what, we do not seem to be able to change the SSL configuration. We went to Home -> Servers -> MedRecServer(Admin) -> Configuration in the console, and then
    * Keystores
    * Custom Identity and Custom Trust + configure all the keystores pointing to our jks files
    * SSL: point to our alias
    But, when restarting the server, we see the following:
    <Mar 6, 2007 11:45:21 AM CET> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\dev\bea\WEBLOG~1\server\lib\DemoTrust.jks.>
    Which seems to indicate that somehow MedRecServer is not acknowledging our configuration changes.
    Our WL_HOME\samples\domains\medrec\config\config.xml looks like this:
    <?xml version='1.0' encoding='UTF-8'?>
    <domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/extension http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">
      <name>medrec</name>
      <domain-version>9.2.0.0</domain-version>
      <security-configuration>
        <name>medrec</name>
        <realm>
          <sec:auditor xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:secure-auditorType">
            <sec:name>Foo</sec:name>
            <ext:identifier>Test</ext:identifier>
            <ext:bea-audit-log-service-uri>hessian:https://it-sdm-nb:8443/ksuite/remoting/BEAAuditLogService-hessian</ext:bea-audit-log-service-uri>
          </sec:auditor>
          <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
          <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
            <sec:active-type>AuthenticatedUser</sec:active-type>
          </sec:authentication-provider>
          <sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
          <sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
          <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
          <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
          <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
          <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
          <sec:name>myrealm</sec:name>
        </realm>
        <default-realm>myrealm</default-realm>
        <credential-encrypted>{3DES}I/3L8IhJVe+jq1vzXAXHODsFazm8NGROsfPVAaunGasgxJ6u41gpHbMAqA4pZSr2u1CWgoxiHR6z895y9Or+CDwkCmqAxJBq</credential-encrypted>
        <node-manager-username>weblogic</node-manager-username>
        <node-manager-password-encrypted>{3DES}HMxdWFl3juTr6BufJFg6WQ==</node-manager-password-encrypted>
      </security-configuration>
      <server>
        <name>MedRecServer</name>
        <ssl>
          <name>MedRecServer</name>
          <enabled>true</enabled>
          <listen-port>7012</listen-port>
          <server-private-key-alias>auditor</server-private-key-alias>
          <server-private-key-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</server-private-key-pass-phrase-encrypted>
        </ssl>
        <listen-port>7011</listen-port>
        <listen-address></listen-address>
        <key-stores>CustomIdentityAndCustomTrust</key-stores>
        <custom-identity-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-identity-key-store-file-name>
        <custom-identity-key-store-type>jks</custom-identity-key-store-type>
        <custom-identity-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-identity-key-store-pass-phrase-encrypted>
        <custom-trust-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-trust-key-store-file-name>
        <custom-trust-key-store-type>jks</custom-trust-key-store-type>
        <custom-trust-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-trust-key-store-pass-phrase-encrypted>
      </server>
      <embedded-ldap>
        <name>medrec</name>
        <credential-encrypted>{3DES}W+XDJAixeMZcbdmRm/jIF8u8ZMzBMLyGQpcjb1lWzlM=</credential-encrypted>
      </embedded-ldap>
      <configuration-version>9.2.0.0</configuration-version>
      <admin-server-name>MedRecServer</admin-server-name>
    </domain>
    You can see our Auditor provider configuration and the custom identity and trust sections, which look right.
    I'm wondering if somehow the demo application is special in any way, or if we are missing some step to change the identity and trust configuration. Any ideas? Any further investigation clues?
    Kind regards,
    Alex

    OK, we have been reading this:
    http://e-docs.bea.com/wls/docs81/security/SSL_client.html
    , so I think I need to make a few clarifications.
    Our Auditing Provider communicates remotely with another system using remoting libraries (in this case, the Hessian library), which open SSL connections in the "usual JDK manner". In fact, when handshaking, we see a failure that has a stack trace like the following:
    <Mar 6, 2007 3:59:36 PM CET> <Debug> <SecuritySSL> <000000> <Exception during ha
    ndshake, stack trace follows
    java.net.SocketException: socket write error: Connection aborted by peer
            at jrockit.net.SocketNativeIO.socketWrite(Ljava.io.FileDescriptor;[BII)V
    (Unknown Source)
            at java.net.SocketOutputStream.socketWrite0(Ljava.io.FileDescriptor;[BII
    )V(SocketOutputStream.java:???)
            at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
            at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
            at com.certicom.io.OutputSSLIOStream.write([BII)I(Unknown Source)
            at com.certicom.tls.record.WriteHandler.flushOutput()I(Unknown Source)
            at com.certicom.tls.record.handshake.HandshakeHandler.flush()V(Unknown S
    ource)
            at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.hand
    le(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
            at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
    sage(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
            at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
    sages([BILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
            at com.certicom.tls.record.MessageInterpreter.interpretContent([BIILcom.
    certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
            at com.certicom.tls.record.MessageInterpreter.decryptMessage(II[BIILcom.
    certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
            at com.certicom.tls.record.ReadHandler.processRecord()I(Unknown Source)
            at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
            at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete()V(Unk
    nown Source)
            at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake()V
    (Unknown Source)
            at com.certicom.tls.record.WriteHandler.write([BII)I(Unknown Source)
            at com.certicom.io.OutputSSLIOStreamWrapper.write([BII)V(Unknown Source)
            at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65
            at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
            at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
            at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.j
    ava:142)
            at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.
    java:344)
            at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLC
    onnection.java:32)
            at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection
    .java:935)
            at com.caucho.hessian.client.HessianProxy.invoke(Ljava.lang.Object;Ljava
    .lang.reflect.Method;[Ljava.lang.Object;)Ljava.lang.Object;(HessianProxy.java:??
            at $Proxy0.startup(JLjava.lang.String;Ljava.lang.String;)V(Unknown Sourc
    e)
            at com.kroopier.bea.sap.utils.BeaAuditLogServiceSSLWrapper.startup(BeaAu
    ditLogServiceSSLWrapper.java:43)
    I guess that the Hessian library opens up a connection, actually using these certicom classes and not the usual https ssl client classes and then I should configure client certificates accordingly in the Certicom thing, but I'm unsure how to do that.
    Any ideas?
    Alex

  • Analyze link generated by Portal not working after SSL Configuration

    Hi,
    We've installed OracleAS Portal 10.1.4 and Oracle Discoverer Version 10.1.2.48.18 on the same machine. We recently configured SSL on OracleAS Portal for SSO server only. Discoverer was not SSO enabled.
    Now after successful SSL configuration we are facing one problem. The Analyze link that is generated by Portal to analyze the worksheet in Single Worksheet Viewer is no longer working. When we click on the Analyze link we get the "HTTP 500 Internal Server Error" and a message that Page cannot be displayed.
    Please advise...

    Hi Andrew
    It sounds like you need to enable SSO for Discoverer too.
    Best wishes
    Michael

  • Minimal 9iASR2 SSL configuration to encrypt password

    I have been asked to research SSL configuration for a client. The environment is 9iAS Release 2 (one Linux infrastructure server and one Linux mid-tier server). The client wants to determine and implement the minimal solution for the following requirement: for a custom JSP login page for Portal (same flavor as explained in the SSO Admin Guide), encrypt the password when a user logs in. They would prefer not to have to alter communication channels between 9iAS components unless it is absolutely necessary. I have found an assortment of how-to documents which explain an assortment of configuration options. Unfortunately, I still do not understand which security goals the configurations meet. Can any 9iAS configuration gurus provide some guidance about meeting this requirement?
    Here are some of the reference docs I referred to:
    http://portalcenter.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/INTERNALPRODDEVFOLDER/TECHREADINESS/ARCHIINFRA/SECURITY/SETUPSSL/HOW%20TO%20SET%20UP%20SSL%20(9.0.2).HTML
    MetaLink note 216126.1
    MetaLink note 223120.1

    One option may be the following:
    - Create a file holding the encrypted username/password on the application server side (in the working directory of your Oracle Forms application)
    - As a parameter, pass the name of your file to the form
    - When the form is getting called, read the named file in (TEXT_IO) and use the logon built-in with the value from the password file
    How to create an encrypted file:
    - use the obfuscation toolkit to encrypt username/password@instance into a varchar2
    - write this value to a file using Oracle Forms (TEXT_IO)
    FUNCTION f_encrypt_string(p_key IN VARCHAR2)
    RETURN VARCHAR2 IS
      v_encrypt_string VARCHAR2(2000) := 'N/A';
      l_data VARCHAR2(2000);
    BEGIN
      -- if necessary, create a text where the length of the string
      -- is divisible by 8 (which is a requirement of dbms_obfuscation_toolkit)
      l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
      DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
                                          key_string => 'MagicKey',
                                          encrypted_string => v_encrypt_string);
      RETURN (v_encrypt_string);
    END;
    Edited by: user434854 on Apr 8, 2009 5:17 AM

  • SSL configuration on oracle 10g release 3 web server

    What changes should I make in ssl.conf, httpd.conf and opmn.xml to enable SSL?
    I have clustered one web server and one application server.
    I have the authorized trusted certificate from the CA.

    SSL configuration on oracle 10g webserver release 3

  • ZCM 11.2 Second Primary - SSL Configuration

    Primary Server 11.2.4MU1 on OES 11SP2 - Running ZCM11.2.4MU1 / DSFW / DNS
    I am attempting to bring up a Second Primary Server. Maybe I am misreading the documentation; however, each time I attempt the setup and bring the second primary into the "Existing" zone, I give it the DNS / IP of the server, the correct port (444 in this case), and user / password. It authenticates fine, asks me to import the CA / MGMT Zone Cert. I click yes. Then I am taken to the SSL Configuration page.
    From my reading I believe I should not be taken to this page.... I believe this should only be done if it's a new server, as the secondary should import and use the primary?
    Currently my plan was to bring up a secondary Primary and look at doing a DB / Content Migration, as I cannot upgrade the current 11.2.4MU1 to 11.3 as install on OES is not supported (any longer).
    I could be a bit discombobulated....
    Thanks
    Patrick

    Never mind.....I forgot about the CSR / Cert generation part of the Zenworks setup...

  • Lion SSL configuration

    I am using Lion os on a Mac Book Pro. I have installed MySQL and I use the default mac Apache server. I have tried to config SSL in Apache. I have read many posts on the internet and tried many of them and followed their instructions step by step, but the SSL doesn't work on Lion.
    Any idea how to config Apache SSL?

    Hua,
    make sure that the entry under the alias is a key entry, not the trusted CA certificate
    entry.
    Pavel.
    "Hua Cao" <[email protected]> wrote:
    >
    Hi, Wajid,
    I have similar problems but it is with 8.1
    The bea server says 'no key/identity found in the key store file'. I checked the keystore using keytool. The specified alias is there for sure.
    If you find a solution, please share it with me ([email protected]).
    Thanks.
    Hua
    "Wajid" <[email protected]> wrote:
    While doing SSL configuration with the ImportPrivateKey utility I am getting the following error
    D:\bea\user_projects\mydomain>java utils.ImportPrivateKey d:\bea\users_projects\
    mydomain\mykeystore.jks null myalias myphrase myCert.pem upendra-key.pem
    Keystore file not found, creating it
    java.security.KeyManagementException: ASN.1: Lengths longer than 32bits
    are not
    supported
    at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdent
    ityPartial(Unknown Source)
    at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
    S
    ource)
    at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:57)
    at utils.ImportPrivateKey.main(ImportPrivateKey.java:24)
    Please help
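
The point in the reply above, that the alias named in the server configuration must be a key entry and not a trusted CA certificate entry, can be checked directly against the keystore file. The following Python code is an added example, not code from the thread or from WebLogic: it walks the JKS file layout and reports the entry type behind each alias. The function names, the `rootca` alias, the `changeit` password and the sample keystore bytes are constructed for illustration; `myalias` is the alias from the command quoted above.

```python
"""List the entry type behind each alias in a JKS keystore (added example)."""
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
TAG_KEY, TAG_TRUSTED_CERT = 1, 2   # entry tags used by the JKS file format
KEY_ENTRY, TRUSTED_ENTRY = "key entry", "trusted certificate entry"
_SALT = b"Mighty Aphrodite"        # fixed string mixed into the JKS integrity hash


class _Reader:
    """Big-endian cursor over the keystore bytes."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u4(self):
        return struct.unpack(">I", self.take(4))[0]

    def utf(self):   # 2-byte length + (modified) UTF-8; identical for ASCII
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8")

    def blob(self):  # 4-byte length + raw bytes
        return self.take(self.u4())


def _skip_cert(r, version):
    if version == 2:
        r.utf()      # certificate type, e.g. "X.509" (absent in version 1)
    r.blob()         # encoded certificate


def list_jks_entries(data, password=None):
    """Return {alias: entry type}; verify the integrity hash if a password is given."""
    r = _Reader(data)
    if r.u4() != JKS_MAGIC:
        raise ValueError("not a JKS keystore (bad magic)")
    version = r.u4()
    if version not in (1, 2):
        raise ValueError("unsupported JKS version %d" % version)
    entries = {}
    for _ in range(r.u4()):
        tag, alias = r.u4(), r.utf()
        r.take(8)                       # creation time, ms since epoch
        if tag == TAG_KEY:
            r.blob()                    # password-protected private key
            for _ in range(r.u4()):     # certificate chain
                _skip_cert(r, version)
            entries[alias] = KEY_ENTRY
        elif tag == TAG_TRUSTED_CERT:
            _skip_cert(r, version)
            entries[alias] = TRUSTED_ENTRY
        else:
            raise ValueError("unknown entry tag %d" % tag)
    body_end = r.pos
    digest = r.take(20)                 # SHA-1 over password + salt + body
    if password is not None:
        expected = hashlib.sha1(
            password.encode("utf-16-be") + _SALT + data[:body_end]).digest()
        if digest != expected:
            raise ValueError("integrity check failed: wrong password or modified file")
    return entries


def usable_as_identity(entries, alias):
    """True only if the alias holds a private key; JKS stores aliases lowercased."""
    return entries.get(alias.lower()) == KEY_ENTRY


def build_sample_keystore(password):
    """Constructed sample: one key entry and one trusted cert entry, dummy payloads."""
    def utf(s):
        return struct.pack(">H", len(s)) + s.encode("ascii")

    def blob(b):
        return struct.pack(">I", len(b)) + b

    cert = utf("X.509") + blob(b"constructed-certificate-bytes")
    body = struct.pack(">III", JKS_MAGIC, 2, 2)
    body += (struct.pack(">I", TAG_KEY) + utf("myalias") + struct.pack(">Q", 0)
             + blob(b"constructed-encrypted-key") + struct.pack(">I", 1) + cert)
    body += struct.pack(">I", TAG_TRUSTED_CERT) + utf("rootca") + struct.pack(">Q", 0) + cert
    return body + hashlib.sha1(password.encode("utf-16-be") + _SALT + body).digest()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:               # path to a real .jks file
        with open(sys.argv[1], "rb") as fh:
            found = list_jks_entries(fh.read())
    else:
        found = list_jks_entries(build_sample_keystore("changeit"), "changeit")
    for alias, kind in found.items():
        print(alias, "->", kind)
```

An alias that reports as a trusted certificate entry has no private key behind it, so it cannot serve as the server identity even though a keystore listing shows the alias as present.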

  • Business Connector 4.7 SSL configuration

    Hi,
    I am configuring SSL in Business Connector 4.7 (to use HTTPS using digital certificates).
    I am following the admin guide. 
    I finished the first step - Configuring the Server to Use SSL.
    The next step is to import the client certificate and map it with a user.
    My query is: how can I get a client certificate?
    Could anyone please advise me?
    Also, does anyone have a step-by-step configuration of SAP BC for SSL?
    Regards,
    Kuna

    Hi,
    You should be getting the certificates from the client (where you got the URL from); for example, if you are trying to connect your BC to SAP using SSL, you should get the certificates from SAP and install them in BC for communication.
    thanks...
    Karna....

  • XI 3.1 Infoview HTTPS/SSL configuration

    How do I setup Infoview so I can access it via https from outside our LAN?
    Our environment currently runs on Tomcat 5.5 and I have SSO configured with vintela and kerberos. Everything works great and can access InfoView and CMC from inside our network via http. I would like to set up our environment to access InfoView from the outside and was wondering if I just need to configure Tomcat for https.
    -Our firewall is already configured to allow access to the server via https
    -Looking at the Admin Guide, doesn't seem like I need WACS
    -Looking at the Admin Guide chapter 6, I'm not sure if I need to implement this either.

    Thank you very much for the help.
    I actually used the Tomcat keytool to create a cert for my dev environment ( http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html ) but followed your instructions for the rest. I now have a https connection for the server.
    I currently have the default port set up for 80 and 433 for https. The problem I have now is that when I go to https://{server name}/InfoViewApp, it connects but then redirects to http://{server name}:8080/InfoViewApp.
    Do you know where I change this redirect from 8080 to 80?
    Current Settings in Business Objects\Tomcat55\conf\server.xml
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
        <Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="16384" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="80" redirectPort="443"/>
        <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
        <Connector port="443" maxHttpHeaderSize="8192"...

  • SSL configuration SOA-server and admin server

    I have configured the admin console of WebLogic to run on HTTPS port 7002, and also the SOA server. But my problem here is that I deployed a SOA service on the default partitions, and when I try to test it by going through the https://localhost:7002/em console, the test page shows me the http://localhost:8001/...?WSDL URL. Why is it not showing me the https://localhost:8002/...?WSDL URL? But when I type https://localhot:8002/..?WSDl in the browser I am able to access it.
    So how can I configure the https://localhost:8002/..?WSDL URL when I log in through the SSL (secure) port 7002,
    and the http://localhost:8001/..?WSDL URL when I log in through the normal port, i.e. 7001?

    Hi Bikash,
    Doc mentions that communication between AD and connector server is secure with ICF architecture.
    Just wanted to confirm if same is true between OIM and connector server.
    Saurabh mentions that between OIM and connector server ssl is required? Please confirm.
    Thanks

  • Ssl configuration in tomcat

    Hi everyone... I hope anyone can help me with this problem.
    I've installed Apache Tomcat 4.1.12LE and j2sdk1.4.1. Yesterday I tried configuring SSL in Tomcat for my login page, so I followed the steps provided in the documentation. The documentation said to choose JSSE as an installed extension by copying all three JAR files (jcert.jar, jnet.jar, and jsse.jar) into your JAVA_HOME\jre\lib\ext directory, but I could only find the jsse.jar file, so I copied the jsse.jar file to JAVA_HOME\jre\lib\ext. After that I did the keytool configuration from C:\j2sdk1.4.1; during the keytool process I created my own password.
    After that I removed the comments in server.xml as shown below, and added the keystore password with my own password:
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="10" debug="0" scheme="https" secure="true"
    useURIValidationHack="false">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystorePass="mypassword" />
    I restarted Tomcat and typed https://localhost:8443/ and it displayed "The page cannot be displayed". So my question is: where did I go wrong, and what should I do next?

    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystorePass="mypassword" />
    You did not specify the keystore file location.

  • BOE ssl configuration

    Hello,
    I'm working on migrating our BOE XI R2 to BOE 3.1 SP2 on a new server (windows).
    Before we were using iis and ssl setting was easy. Now on tomcat I'm having problems.
    I'm not creating a new certificate I want to use a special one created for our domain from a 3rd party cert authority.
    I don't know much about certificates.
    So I have domain.cer domain.der domain.key domain.pem domain.pfx password.txt trustedcer.crt (root certificate) files in the d:\ssl folder.
    From CCM I check the "enable the ssl"
    and I try to fill below
    SSL certificates folder=d:\ssl
    server ssl certificate file=domain.cer
    SSL trusted certificates file=trustedcer.crt
    SSL private key file=domain.key
    SSL private key passphrase file=password.txt
    in tomcat configuration I use the same pattern.
    Do I have to convert cer files to der?
    Why is this combination not working? How can I set up SSL?
    Thank you

    If your users are using the browser and no thick clients, then it is all about configuring Tomcat for SSL. You can find plenty of information about this on the Internet or here https://css.wdf.sap.corp/sap/support/notes/1299147.
    Regards,
    Stratos
