SSL configuration of EPM 11.1.2
I try since days to enable SSL for an EPM 11.1.2 installation. All of the components (FoundationServices, RaFramework, etc) are installed on one single server.
The element "FoundationServices" is listening on SSL port 28443. I can succesfully start shared services by the following link:
https://chsa8403.eur.beluni.net:28443/interop
I can also start workspace by entering:
https://chsa8403.eur.beluni.net:28443/workspace
Then the login screen appears where I enter my credentials. But then I receive a "Namespace Communication error". In the details I see, that the following link is not found: https://chsa8403.eur.beluni.net:28443/raframework/conf/ToolsConfig.xml
This is clear, because the RaFramework is configured to listen to the SSL port 45043 and not 28443. I can also get the requested document by entering https://chsa8403.eur.beluni.net:45043/raframework/conf/ToolsConfig.xml by direct entering this link in a browser.
How I can configure EPM that it will go to port 45043 and not to 28443 for the RaFramework? Has someone really a very detailed step by step guide how to enable SSL. I already have consulted as well as http://www.oracle.com/technology/hyp/hyp_epm/ssl_11.1.2/index.htm as well as http://download.oracle.com/docs/cd/E17236_01/epm.1112/epm_security.pdf
Edited by: amaerki on Sep 1, 2010 4:22 PM
Anybody can help in this issue?
Similar Messages
-
Need some hel in SSL Configuration in R12
Hi All,
I am facing challenges in configuring SSL in R12. I am not able to get bigger picture of the SSL Configuration. If any body does this before please share you knowledge
Thanks in Advance.
ReddyHi Hussein
The below are the steps I am trying to implement.
Section 3 : Middle Tier Setup
The default location for the wallet in Release 12 is $INST_TOP/certs/Apache. This directory contains a wallet with demo certificates. If you wish to use these certificates for testing start with Step 8 below to configure SSL
Decided to test the application with demo certificates.
Step 8: Update the Context File.
Updated the context file as per the recommendations.
Step 9 - Run Autoconfig
Finished
Section 4: Database Tier Setup
Here I got confused. Whether to proceed or not ?
Thanks
Reddy -
PI 7.31 Dual Stack SSL configuration
HI Gurus,
I have a quick query, I am configuring SSL on my PI 7.31 systems.
I have checked all the standard guides and forums but I have one doubt.
Q1 - Is it necessary to configure SSL both in ABAP and JAVA side ?
Q2 - If I just configure SSL in STRUSTSSO2 in ABAP , will it be more than enough ?
Q3 - In what cases do we need to configure SSL in JAVA side ? And does configuring SSL in JAVA mandatory require sapcryptolib files ?
Please share your views.
Cheers, SGI want to understand is it necessary to configure SSL in both ABAP and JAVA in case of dual stack PI ?
>>> Please refer to Huseyin's comments in the below thread..
PI 7.3 Dual Stack SSL configuration
In what cases do we use JAVA SSL in Dual stack system ?
>>> AFAIK - when you use http_aae adapter/soap with https then you should configure the SSL on java stack. -
Syclo Work Manager 6.1 SSL Configurations
Hello Experts,
We have an "Communicaiton Error 14" on Device and ATE. I have worked on WM 5.2 and 6.0 and aware of the SSL configurations. I have Generated a Self Signed Certificate and a PFX file using OpenSSL. Now, with SMP 3.0 SP03 we are not able to find how to configure the Agentry.ini and where to copy the .sst file.
Can someone help us understand on how to make this work??? Is there a workaround for HTTP communication without SSL and any document on this which can help.
Is SSL/pfx mandatory to have in 6.1 while testing with ATE?
Regards,
SarikaHi Stephen,
Yes, I have to change the FDQN name to IP to work with Management console, only I will get logon screen. Similarly I have tried to do the same in ATE & WPF client.
in Management Console, while have FDQN in URL,
https://jilan.wirelessap:8083/Admin/
the error is below. But when I change to IP it works.
This page can't be displayed
Make sure the web address https://jilan.wirelessap:8083 is correct.
Look for the page with your search engine.
Refresh the page in a few minutes.
Make sure TLS and SSL protocols are enabled. Go to Tools > Internet Options > Advanced > Settings > Security
Similarly, in WPF/ATE, if FDQN is in URL, I get the Communication Error(14).
Requesting Public Key from Server
Communications error (14)
Connection failed
Ending transmission
Is any mapping needed in my laptop between FDQN to IP address?
Thanks,
Jilan -
Changing SSL configuration on MedRec
Hi,
We are developing a custom Auditing Provider for WLS. Our provider needs to communicate via https to a remote system, and thus we need to configure SSL in order to use the correct client certificate and trust the remote server's.
We are using the sample MedRec application bundled with WLS for testing purposes, but no matter what, we do not seem to be able to change the SSL configuration. We went to Home -> Servers -> MedRecServer(Admin) -> Configuration in the console, and then
* Keystores
* Custom Identity and Custom Trust + configure all the keystores pointing to our jks files
* SSL: point to our alias
But, when restarting the server, we see the following:
<Mar 6, 2007 11:45:21 AM CET> <Notice> <Security> <BEA-090169> <Loading trusted
certificates from the jks keystore file C:\dev\bea\WEBLOG~1\server\lib\DemoTrust
.jks.>Which seems to indicate that somehow MedRecServer is not acknowledging our configuration changes.
Our WL_HOME\samples\domains\medrec\config\config.xml looks like this:
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/extension http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">
<name>medrec</name>
<domain-version>9.2.0.0</domain-version>
<security-configuration>
<name>medrec</name>
<realm>
<sec:auditor xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:secure-auditorType">
<sec:name>Foo</sec:name>
<ext:identifier>Test</ext:identifier>
<ext:bea-audit-log-service-uri>hessian:https://it-sdm-nb:8443/ksuite/remoting/BEAAuditLogService-hessian</ext:bea-audit-log-service-uri>
</sec:auditor>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{3DES}I/3L8IhJVe+jq1vzXAXHODsFazm8NGROsfPVAaunGasgxJ6u41gpHbMAqA4pZSr2u1CWgoxiHR6z895y9Or+CDwkCmqAxJBq</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{3DES}HMxdWFl3juTr6BufJFg6WQ==</node-manager-password-encrypted>
</security-configuration>
<server>
<name>MedRecServer</name>
<ssl>
<name>MedRecServer</name>
<enabled>true</enabled>
<listen-port>7012</listen-port>
<server-private-key-alias>auditor</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</server-private-key-pass-phrase-encrypted>
</ssl>
<listen-port>7011</listen-port>
<listen-address></listen-address>
<key-stores>CustomIdentityAndCustomTrust</key-stores>
<custom-identity-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-identity-key-store-file-name>
<custom-identity-key-store-type>jks</custom-identity-key-store-type>
<custom-identity-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-identity-key-store-pass-phrase-encrypted>
<custom-trust-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-trust-key-store-file-name>
<custom-trust-key-store-type>jks</custom-trust-key-store-type>
<custom-trust-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-trust-key-store-pass-phrase-encrypted>
</server>
<embedded-ldap>
<name>medrec</name>
<credential-encrypted>{3DES}W+XDJAixeMZcbdmRm/jIF8u8ZMzBMLyGQpcjb1lWzlM=</credential-encrypted>
</embedded-ldap>
<configuration-version>9.2.0.0</configuration-version>
<admin-server-name>MedRecServer</admin-server-name>
</domain>You can see our Auditor provider configuration and the custom identity and trust sections, which look right.
I'm wondering if somehow the demo application is special in any way, or if we are missing some step to change the identity and trust configuration. Any ideas? Any further investigation clues?
Kind regards,
AlexOK, we have been reading this:
http://e-docs.bea.com/wls/docs81/security/SSL_client.html
, so I think I need to make a few clarifications.
Our Auditing Provider communicates remotely with another system using remoting libraries (in this case, the Hessian library), which open SSL connections in the "usual JDK manner". In fact, when handshaking, we see a failure that has a stack trace like the following:
<Mar 6, 2007 3:59:36 PM CET> <Debug> <SecuritySSL> <000000> <Exception during ha
ndshake, stack trace follows
java.net.SocketException: socket write error: Connection aborted by peer
at jrockit.net.SocketNativeIO.socketWrite(Ljava.io.FileDescriptor;[BII)V
(Unknown Source)
at java.net.SocketOutputStream.socketWrite0(Ljava.io.FileDescriptor;[BII
)V(SocketOutputStream.java:???)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at com.certicom.io.OutputSSLIOStream.write([BII)I(Unknown Source)
at com.certicom.tls.record.WriteHandler.flushOutput()I(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.flush()V(Unknown S
ource)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.hand
le(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages([BILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent([BIILcom.
certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(II[BIILcom.
certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord()I(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete()V(Unk
nown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake()V
(Unknown Source)
at com.certicom.tls.record.WriteHandler.write([BII)I(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write([BII)V(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.j
ava:142)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.
java:344)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLC
onnection.java:32)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection
.java:935)
at com.caucho.hessian.client.HessianProxy.invoke(Ljava.lang.Object;Ljava
.lang.reflect.Method;[Ljava.lang.Object;)Ljava.lang.Object;(HessianProxy.java:??
at $Proxy0.startup(JLjava.lang.String;Ljava.lang.String;)V(Unknown Sourc
e)
at com.kroopier.bea.sap.utils.BeaAuditLogServiceSSLWrapper.startup(BeaAu
ditLogServiceSSLWrapper.java:43)
[/pre]
I guess that the Hessian library opens up a connection, actually using these certicom classes and not the usual https ssl client classes and then I should configure client certificates accordingly in the Certicom thing, but I'm unsure how to do that.
Any ideas?
Alex -
Analyze link generated by Portal not working after SSL Configuration
Hi,
We've installed OracleAS Portal 10.1.4 and Oracle Discoverer Version 10.1.2.48.18 on the same machine. We recently configured SSL on OracleAS Portal for SSO server only. Discoverer was not SSO enabled.
Now after successful SSL configuration we are facing one problem. The Analyze link that is generated by Portal to analyze the worksheet in Single Worksheet Viewer is no longer working. when we click on the analyze link we get the "HTTP 500 Internal Server Error" and a message that Page cannot be displayed.
Please advise...Hi Andrew
It sounds like you need to enable SSO for Discoverer too.
Best wishes
Michael -
Minimal 9iASR2 SSL configuration to encrypt password
I have been asked to research SSL configuration for a client. The environment is 9iAS Release 2 (one Linux infrastructure server and one Linux mid-tier server). The client wants to determine and implement the minimal solution for the following requirement: for a custom JSP login page for Portal (same flavor as explained in the SSO Admin Guide), encrypt the password when a user logs in. They would prefer not to have to alter communication channels between 9iAS components unless it is absolutely necessary. I have found an assortment of how-to documents which explain an assortment of configuration options. Unfortunately, I still do not understand which security goals the configurations meet. Can any 9iAS configuration gurus provide some guidance about meeting this requirement?
Here are some of the reference docs I referred to:
http://portalcenter.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/INTERNALPRODDEVFOLDER/TECHREADINESS/ARCHIINFRA/SECURITY/SETUPSSL/HOW%20TO%20SET%20UP%20SSL%20(9.0.2).HTML
MetaLink note 216126.1
MetaLink note 223120.1One option maybe the following :
- Create a file holding the encrpyted username/password on the application server side (in the working directory of your oracle forms application)
- As a parameter, pass the name of your file to the form
- when the form is getting called, read the name file in (TEXT_IO) and use the logon built-in with the value from the password file
How to create an encrpyted file :
- use the obfuscation toolkit to encrypt username/password@instance into a varchar2
- write this value to a file using oracle forms (TEXT_IO)
FUNCTION f_encrypt_string(p_key IN VARCHAR2)
RETURN VARCHAR2 IS v_encrypt_string VARCHAR2(2000) := 'N/A';
l_data VARCHAR2(2000);
BEGIN
-- if neccessary create a text where the length of the string
-- is diviteable by 8 (which is a requirement of dbms_obfuscation_toolkit)
l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
key_string => 'MagicKey',
encrypted_string=> v_encrypt_string);
RETURN (v_encrypt_string);
END;
Edited by: user434854 on Apr 8, 2009 5:17 AM -
OIM11gR2 AD Connector SSL Configuration
Hi,
Can anyone provide me the steps to configure SSL between OIM - Connector Server - Active Directory ?
We followed the steps provided in the AD Connector guide, but that does not seem to work. In the connector server logs, we see "SystemNotSupportedException: The certificate should be associated with private key". The steps we did were:
1. Exported root certificate from AD Server
2. Create sslstore on Conector server and updated connectorserver.exe.config file
3. Enabled SSL in Connector Server ITResource.
If you were succesfull configuring SSL, Please provide us the steps for the same.
Thanks,
HrushiHi GP/PK,
Does that mean the trust certificate of AD is used for SSL configuration between OIM and Connector Server ?? I am not sure how this is gonna work. However, I have followed the steps in sections 2.3.2.2 to 2.3.2.4 in the link provided by you, but still I get the error posted earlier.
Could you please list the steps for SSL configuration ???
Also, Could you point me to the document which says Connector Server uses internal SSL to communicate to AD.
Also, In our environment, connector server is installed on seperate machine and not on machine where AD is running.
Thanks,
Hrushi
Edited by: 920194 on Sep 10, 2012 11:57 PM
Edited by: 920194 on Sep 10, 2012 11:59 PM -
SSL configuration on oracle 10g realease 3 web server
what all are the changes should i do
in ssl.conf,httpd.conf,opmn.xml
to enable ssl.
i have clustered one web server and one application server
i have the authorized trusted certificate from CA.SSL configuration on oracle 10g webserver release 3
-
ZCM 11.2 Second Primary - SSL Configuration
Primary Server 11.2.4MU1 on OES 11SP2 - Running ZCM11.2.4MU1 / DSFW / DNS
I am attempting to bring up a Second Primary Server. Maybe I am miss reading the documentation, however Each time I attempt the setup and bring the second primary into the "Existing" zone I give it the DNS / IP of the server, the correct Port - 444 In this case, and user / password. It authenticates fine, asks me to import the CA / MGMT Zone Cert. I click yes. Then I am taken to the SSL Configuration page.
From my reading I believe I should not be taken to this page.... I believe this should only be done if its a new server as the secondary should import and use the primary?
Currently my Plan was to bring up a secondary Primary and look at doing a DB / Content Migration, as I can not upgrade the current 11.2.4MU1 to 11.3 as install on OES is not supported (any longer).
I could be a bit discombobulated....
Thanks
PatrickNever mind.....I forgot about the CSR / Cert generation part of the Zenworks setup...
-
I am using Lion os on a Mac Book Pro. I have installed MySQL and I use the default mac Apache server. I have tried to config SSL in Apache. I have read many posts on the internet and tried many of them and followed their instructions step by step, but the SSL doesn't work on Lion.
Any idea how to config Apache SSL?Hua,
make sure that the entry under the alias is a key entry, not the trusted CA certificate
entry.
Pavel.
"Hua Cao" <[email protected]> wrote:
>
Hi, Wajid,
I have similar problems but it is with 8.1
The bea server says 'no key/identity found in the key store file'. I
checked the
keystore using keytool. The specified alias is there for sure.
If you find a solution, please share it with me ([email protected]).
Thanks.
Hua
"Wajid" <[email protected]> wrote:
While doing ssl configuration in importprivatekey utility iam gettin
following
error
D:\bea\user_projects\mydomain>java utils.ImportPrivateKey d:\bea\users_projects\
mydomain\mykeystore.jks null myalias myphrase myCert.pem upendra-key.pem
Keystore file not found, creating it
java.security.KeyManagementException: ASN.1: Lengths longer than 32bits
are not
supported
at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdent
ityPartial(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
S
ource)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:57)
at utils.ImportPrivateKey.main(ImportPrivateKey.java:24)
Please help -
OHS - Webserver SSL Termination for EPM
Gurus,
Could you please help me with the instructions to setting up the EPM environment as SSL (web server termiantion at OHS.)
I am done wih the installing an configuring all of the EPM products and now I need to enable the SSL at OHS.
I have reviewed the document but I am getting confused with all kind of setups. Do you have any detailed steps or point to me something ( other than Oracle documentation )?
Thank you in advance !
Edited by: 945478 on Aug 9, 2012 5:24 AMHello,
Check this URL, I have uploaded a document which can help you with terminating SSL at web server.
http://www.scribd.com/doc/102533508/Implementation-Steps
Thanks. -
Hello,
I'm working on migrating our BOE XI R2 to BOE 3.1 SP2 on a new server (windows).
Before we were using iis and ssl setting was easy. Now on tomcat I'm having problems.
I'm not creating a new certificate I want to use a special one created for our domain from a 3rd party cert authority.
I don't know much about certificates.
so I have domain.cer domain.der domain.key domain.pem domain.pfx password.txt trustedcer.crt (root ceritiificate) files in d:\ssl folder.
From CCM I check the "enable the ssl"
and I try to fill below
SSL certificates folder=d:\ssl
server ssl certificate file=domain.cer
SSL trusted certificates file=trustedcer.crt
SSL private key file=domain.key
SSL private key passphrase file=password.txt
in tomcat configuration I use the same pattern.
Do I have to convert cer files to der.
Why this combination is not working how can I set the ssl.
Thank youIf yoour users are using the browser and no thick clients then it is all about configuring Tomcat for SSL. You can find plenty information about this in Internet or here https://css.wdf.sap.corp/sap/support/notes/1299147.
Regards,
Stratos -
OBIEE 11g SSL Configuration Issue : Unable to import the Server certs
Hello All,
We are trying to configure OBIEE 11.1.1.6.0 with SSL using Windows server 2003 (IIS) and facing some issues with that.
Followed the document : OBIEE11g SSL Setup and Configuration [1326781.1]
http://obieedue.blogspot.sg/2012/08/obiee11g-ssl-setup-and-configuration.html
and also completed generating the required certificate signing request and keystores for SSL communication and sent it to the CA (IT Admin team) to to have the certificate signed by CA. The issue comes when I am trying to import the CA certificate (Root certificate) and Server Certificate into the Java Keystore.
I am importing the Root CA Certificate first which is successfully added to the keystore.
keytool -import -trustcacerts -alias mycacert -file cacert.pem -keystore mykeystore.jks -storepass Welcome1
Trust this certificate? [no]: yes
Certificate was added to keystore.
But when trying to add the Server Certificate to the keystore using the command below :
keytool -import -v -alias testserver -file server.cer -keystore mykeystore.jks -keypass Welcome1 -storepass Welcome1
Certificate reply was installed in keystore
I get the following error:
keytool error: java.lang.Exception: Failed to establish chain from reply
java.lang.Exception: Failed to establish chain from reply
at sun.security.tools.KeyTool.establishCertChain(KeyTool.java:2662)
at sun.security.tools.KeyTool.installReply(KeyTool.java:1870)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:807)
at sun.security.tools.KeyTool.run(KeyTool.java:172)
at sun.security.tools.KeyTool.main(KeyTool.java:166)
Read many forums and tried to convert it to the PKCS#7 format and import the cert to the identity keystore, but was not successful in that either. I have also checked with the IT Admin team and found there is only one RootCA and no other intermediate CA's.
Please advice if any one has similar issues or suggestions.
Thanks in advance,
SVSHi,
One obvious reason would be that you did not specify -trustcacerts, and the root CA is not included in the present server keystore. In that case, using the -trustcacerts option would solve the problem, if the root CA is indeed in the JDK cacerts.
To print out the certificates present in the JDK cacerts, use the following command:
keytool -list -keystore <JAVA_HOME>/jre/lib/security/cacerts -storepass changeit -v
Then check if the root CA that signed your server certificate is present, and has not expired (in which case,you would need to re-import a newer one into cacerts).
Another common reason for that error message is when you have used a proprietary CA to sign your server certificate. Then it would obviously not be in the JDK cacerts. The solution in that case is to import your proprietary root CA into the JDK cacerts, using the following command:
keytool -import -keystore <JAVA_HOME>/jre/lib/security/cacerts -file yourRootCA.pem -storepass changeit -alias youralias
A third reason for that error message is when your server was signed by an intermediate certificate. In that case, you would have received from your CA a chain of certificates. One way to solve this (not the only one, but this one works well): Prepend your intermediate CA file to your server cert file, and import the obtained concatenated file into the server keystore. Be careful, the intermediate CA must be BEFORE the server cert. Example:
copy rootca.cer certchain.p7b
type server.cer >> certchain.p7b
The file certchain.p7b will be the concatenation of the intermediate CA and the signed server cert. Then import the newly created file under the key alias as follows:
keytool -import -keystore serverks.jks -file certchain.p7b -alias yourkey -trustcacerts
If you only prepend the intermediate root CA, you must make sure the the final root CA is in cacerts. But you can also prepend your whole chain of trust inside the server keystore.
Regards,
Kal -
Configuration of EPM 11.1.2 Shared Services issue during installation
Hi,
I am running into issue with configuration of Shared Services after installing EPM 11.1.2 on my machine. I am running the installation on Windows 8 and 64 Bit. All of the components that I wanted installed successfully. After that I went into the Configuration for Shared Services, I ran into the issue with the status of Deploy Application to Server not completed successfully (configuring...). I was hoping to configure one thing at a time as suggested in the blogs.... then I'd configure Essbase and not Financial Reporting...in that sequence. Thus, I also do not see any of the services installed under Foundation Services; Shared Services URL, Start EPM nor Start FoundationServices (Oracle Weblogic 10) tmplink.
I've tried to search online but found nothing specific on the issue. Am I missing something? Please help.
ThanksWindows 8 has not been officially released yet so don't expect EPM products to support it.
Cheers
John
http://john-goodwin.blogspot.com/
Maybe you are looking for
-
ABAP Mapping :: for multi files
Dear Experts, We are doing an Idoc to file interface, using ABAP mapping. This is 1:n mapping i.e receiver message interface is 0..unbounded. We have achieved the mapping for 1:1. But when I test for multi, i get an error in moni saying Parsing error
-
Satelltie A200 - No power at all
Hi all, after searching for hours, I've finally found a decent site, anyway, to the problem.... I have no power going to my laptop at all. I've bought a new charger and battery but still nothing. I've read that there may be a connection burnt out ins
-
Want to check which data source is used by the composites
HI All, I have a requirement here in which i want to see that which data source is used by the composites deployed on SOA. I dont have the code. Is there any quick way to do it(from console or backend without downloading the code) Thanks
-
Spotlight not working correctly 10.7
My Spotlight search has been broken since updating to 10.7 Has anyone else had a problem with it? (i7 13" MBP) Search results for a Command F search give no results of any kind a complete blank response. Restaring the machine fixes the search for awh
-
What is the best way to recover stolen ipod
i want all of my pictures back