SSL enabled directory proxies and F5?

Similar Messages

• SSL Enabling Shared Services and Active Directory

  The SSL config guidfe suggests that a valid certificate (CA) must be issue for User directories (MSAD/LDAP), Web and application servers. Is it essential to obtain a CA for for MSAD as well? Can we do without MSAD cert? We have the certs for our Web and App layers ready. We are not sure if the IT department has SSL configured MSAD. If MSAD/LDAP is not SSL configured - can we still go about SSL-Enabling Hyperion? Thanks.
  -- Srini

  If your MSAD is set for SSL, you can import their certificates through your Java Application Server. Since you are unsure, I would set up MSAD and if you are able to browse for users on the AD domain in Shared Services, you are good to go.
  I must say that SSL is a big pain from my point of view. Unless you are required to encrypt because of the data you have stored, I would pass it up. The certificates often expire on a yearly basis and there are many different certificates to keep track of. Multiply that by Development, Prod, BCP or Recovery server, and you're looking at lots of maintenance.
  The big pain comes when the signer certificate for your server expires because after the next reboot or restart of your JVMs, Shared Services starts up but none of the other applications can talk to it which means your whole application is down until you get that certificate fixed. My organization is fairly strict on their controls, so that means that I either make a federal case out of my system being down or I get to wait three days for a change request. Big pain in the rear.

• How do I ssl enable targets and EM in 10.1.2

  How do I ssl enable targets and EM in 10.1.2 in
  "Standalone console" (is this the correct forum?)
  These are the steps I followed
  1) emctl secure em
  This enabled ssl for EM.
  Problem is with monitoring a target - Oracle Reports
  2) The I SSL Enabled reports. Added a port in webcache and gave default wallet directory. Following works
  https://host:port/reports/rwservlet?getserverinfo
  3) In sysman/emd/targets.xml , for reports target I changed http protocol to https and also changed port
  (Report uses HTTP Fetchlet for getting metrics)
  But I am not able to monitor Oracle Reports successfully.
  I get the following in EM logs
  emias.log
  <MetricGetError ERRMSG="Error connecting to <host:port> return status = -1 " ERRID="32" ERRCODE="3">
  emagent.trc
  2005-01-05 18:29:07 Thread-2228 ERROR ssl: nzos_Handshake failed, ret=29024
  2005-01-05 18:29:07 Thread-2228 ERROR http: 652: Unable to initialize ssl connection with server, aborting connection attempt
  2005-01-05 18:29:08 Thread-2228 ERROR engine: [oracle_repserv,Ben.<host>_Reports_Server:rep_strep13,ServerPerf] : nmeegd_GetMetricData failed : Error connecting to <host>:4447 return status = -1
  Any idea how to do SSL enable targets (in particular Oracle Reports) in 10.1.2 ?

  Open and close iPhoto or GarageBand and relaunch FCP X. Sometimes just relaunching FCP X works also. You can trash FCP X preferences as well if the above doesn't work.

• SSL Required but Microsoft says the directory can't have SSL enabled?

  I am confused? iPhone is requiring an SSL connection to the Exchange server, however, Microsoft's KB's are saying the Exchange directory that OMA and ActiveSync talks to cannot have SSL enabled, which means the iPhone will be attempting to sync through port 80?
  How are we suppose to use this technology with SSL, if the Exchange directory is configured for non-SSL connections. They are even going as far as telling you to set up a secondary virtual Exchange directory with SSL disabled, leaving WebAccess connections SSL enabled...

  Mr Upson wrote:
  But, I am still confused, why would Apple enable SSL to an option that Microsoft is not even allowing to begin with? If the virtual directory cannot have SSL enabled, why would Apple think differently?
  ActiveSync has allowances for SSL for certain components of access. I don't know which parts, but I can assure you that all phones that I have ever dealt with (most of those being windows mobile based) have SSL as the default checked option while configuring
  I had a full bar of power this morning that was charged over night and with Active Sync enabled for my Calendar and Contacts, I am now at 10% battery life.
  This has become more of a problem than a solution....
  I would have no idea what would be causing that. I have full push services on for both exchange (everything synced) alsong side of MobileMe. Now I don't use SSL, but all that does is force communications over a different port - I seriously doubt that usage of data differs weather or not SSL is used or not. I can tell you that I do not experience the same type of drain you describe unless you are heavily using things like you tube other services over WI-Fi.

• How can I verify the SSL service enabled in CSS and SCA ?

  I'm working for the OpenSSL vulnerability for CSS and SCA. How can I check if the device enabled the SSL service ?
  - https://x.x.x.x --> cannot access.
  - telnet x.x.x.x 443 --> I got a blank screen. I think this should be connection rejected if no SSL enabled.
  Please guide me what command should I issue on the device(CSS and SCA) to verify the SSL service enabled ?
  Thanks,

  To see what ports are being listened to.
  On the SCA, you can do "show netstat"
  On the CSS, you would go into debug mode and do
  symbol-table load
  shell inetstatShow
  Michael

• Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled

  Hi
  We are performing LDAPSync for OIM AD real time sync.We have done all configuration as per oracle documentation on LDAPSync for OIM 11gR2 : http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version OIM 11gR2 PS1 (11.1.2.1.0).
  WE have performed LDAPSync enablement on postinstallation of OIM .So we dont have OVD , we have configured libOVD as mentioned in this doc.
  We have performed following  steps mentioned in this document  in our OIM environment.
  3.1 Enabling Post installation LDAP Synchronization
  3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
  As attribute like password  might be not getting updated in AD from OIM , we have configured SSL enabled integration in LDAP sync as mentioned in above document.
  We implemented this step  3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
  but here it is not properly mentioned that about how to import public key certificate of AD into OIM envirioment for SSL.
  We are getting following error message in logs : Looking at logs it looks like the import of AD SSL certificate did not happen properly in OIM environment. But ,we have imported it using keytool and OVD keystore ...please let us know if we are missing any configuration in this process.Above oracle document is not pretty clear on this.
  <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
  <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
  <Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2]  Unable to create connection to ldap://[10.88.164.231]:636 as null.
  javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
  at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
  at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
  at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
  at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
  at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
  at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
  at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
  at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
  at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
  at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
  at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
  at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
  ...more
  Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
  at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
  at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
  ...more
  Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
  at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
  at sun.security.validator.Validator.getInstance(Validator.java:161)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
  at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  Let us know for any helpful pointers on this
  Thanks in advance,
  RPB25

  Use the steps given below to perform import public key certificate of AD into OIM envirioment for SSL
  Obtain the AD Certificates from the AD Administrator.
  Copy the AD Certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
  Run the following command to import all the certificates
  /jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystorecacerts -storepasschangeit
    4. The CA certificates are now present in the trust store.

• Sun Directory Server and OID Synchronization

  I'm having a problem with synchronizing OID with our existing Sun Directory Server. This is a one way synchronization, using Sun DS as the source, and OID as the destination. I've successfully installed OID with SSL enabled (this is part of an Oracle Portal installation), and followed what docs I could find. I created an integration profile based off the iPlanet Import profile, and imported a custom mapping profile based off a differing DIT naming convention (o=company.com vs dc=company,dc=com). I have applied an ACI that should allow the synchronization profile user to update entries on the OID side, and a user in Sun DS that has access to the appropriate areas on that side. I was able to successfully bootstrap and import all of our users, and it was also able modify the last changelog number.
  Having said all of that, incremental changes aren't propagating to OID. I'm not sure where to look or what steps to take to troubleshoot this, as I'm brand new to OID. There's an agent execution command that is blank in the integration profile, but according to what I've found that's the default and is acceptable.
  Am I missing a step here? According to the docs, all I need to do is enable the profile, and away it goes.
  One last thing I had to do to overcome an issue with the changelog number not updating was adding our internal root ca's certificate to the local JVM's cacerts file. I accomplished this with the keytool command, and it seemed to work fine. I'm unsure if it's the SSL config that is hosed and is causing this, or if it's a configuration parameter I'm missing.. but I don't have anywhere to start as far as troubleshooting is concerned.

  On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
  You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
  - Brian

• NmConnect() error when SSL enabled

  Hello,
  I am on welogic 10.3.2 and I am trying to create my domain to use SSL.
  I created a domain and Admin server with SSL enabled. Before starting the admin server. I start the nodemanager and then try the nmConnect as below and i see this error. Please help.
  nmConnect('weblogic','weblogic1','localhost','10001','../wldomain','skDomain')
  weblogic.nodemanager.NMException: Configuration error while reading domain directory
  at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:299)
  at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:312)
  at weblogic.nodemanager.client.NMServerClient.connect(NMServerClient.java:248)
  at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:199)
  at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:205)
  at weblogic.nodemanager.client.NMServerClient.getVersion(NMServerClient.java:52)
  at weblogic.management.scripting.NodeManagerService.verifyConnection(NodeManagerService.java:175)
  at weblogic.management.scripting.NodeManagerService.nmConnect(NodeManagerService.java:169)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:

  Hello,
  I am on welogic 10.3.2 and I am trying to create my domain to use SSL.
  I created a domain and Admin server with SSL enabled. Before starting the admin server. I start the nodemanager and then try the nmConnect as below and i see this error. Please help.
  nmConnect('weblogic','weblogic1','localhost','10001','../wldomain','skDomain')
  weblogic.nodemanager.NMException: Configuration error while reading domain directory
  at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:299)
  at weblogic.nodemanager.client.NMServerClient.checkResponse(NMServerClient.java:312)
  at weblogic.nodemanager.client.NMServerClient.connect(NMServerClient.java:248)
  at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:199)
  at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:205)
  at weblogic.nodemanager.client.NMServerClient.getVersion(NMServerClient.java:52)
  at weblogic.management.scripting.NodeManagerService.verifyConnection(NodeManagerService.java:175)
  at weblogic.management.scripting.NodeManagerService.nmConnect(NodeManagerService.java:169)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:

• SSL + LDAP + Directory 5.2

  How to enable SSL in Directory 5.2 without obtaining a real CA - this is test only

  Certutil ships with Solaris 10. It has all you need.
  cd
  mkdir certdb
  echo "password" > certdb/.pwf
  head -20 /dev/random > certdb/noisefile-ca
  certutil -N -d certdb -P ca- -f certdb/.pwf
  certutil -S -x -n "ca-cert" -s "cn=CA Certificate, ou=certs, o=test" -t CTPu -v 120 -d certdb -P ca- -z certdb/noisefile-ca -f certdb/.pwf
  certutil -L -d certdb -P ca- -n ca-cert -a > certdb/cacert.pemAt this point, you have a CA cert in certdb/cacert.pem.
  Now, you need to get a signed certificate into the DS certificate DB. First, get a certificate request from the DS certificate DB:
  cd /var/opt/mps/serverroot/alias
  echo "password" > .pwf
  head -20 /dev/random > noisefile
  certutil -N -d . -P slapd-host- -f .pwf
  certutil -R -s "cn=host.domain,o=certs, o=test" -a -o certrequest.pem -d .  -P slapd-host- -z noisefile -f .pwfThen, sign that certficiate request with the CA cert:
  cd
  certutil -C -c "ca-cert" -i /var/opt/mps/serverroot/alias/certrequest.pem -a -o /var/opt/mps/serveroot/alias/sslcert.pem -v 12 -d certdb -P ca- -f certdb/.pwfFinally, import the CA certificate and SSL server certificate into the DS cert DB.
  cd /var/opt/mps/serverroot/alias
  certutil -A -n "ca-cert" -i ~/certdb/cacert.pem -a -t CT -d . -P slapd-host-
  certutil -A -n "server-cert" -i sslcert.pem -a -t Pu -d . -P slapd-host-Then, enabling SSL is a matter of turning it on in the console.

• Can port 25 be used for SSL-enable SMTP server ?

  Hi,
  Our customer is using port 25 for a SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception thrown:
  DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
  1) with port 25, got the same exception as above;
  2) with port 465, worked fine;
  3) with any other randomly pick up valid port, worked fine.
  This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
  Your help will be appreciated.

  Yes, port 25 is intended for non-SSL servers only, although that doesn't
  prevent a client from making a plain text connection and then using the
  STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
  supports that usage.
  You can configure JavaMail to use port 25 for SSL connections if you
  really want to. JavaMail 1.3.x requires you configure an appropriate
  socket factory to get SSL connections; you can configure whatever port
  you want for use with that socket factory.

• What should be done in certmap.conf for 2-way SSL support from a standalone Java application to an SSL enabled LDAP Server

  To support certficate based client authentication using 2-way SSL from a standalone java application which uses JNDI and JSSE1.0.2 to connect to an SSL enabled LDAP Server how do we configure the certmap.conf?Is there any additional setup required at the LDAP Server side apart from enablinf SSL with the option"Required Client Authentication" enabled.The 2 way SSL handshake goes through but the access log file (After configuring the certmap.conf for the issuer DN of the client certficate etc..)shows SSL failed to LDAP DN?But inspite of this access log error the Java client does get an SSL Connection object with which it is able to connect to the LDAP.IS the certmap.conf file being looked up by the LDAP Server at all?

  have you out.flush() and out.close() before you call connection.getInputStream()?

• Security Issues: SSL on SOAP Adapter and Digital Signature in BPM

  Hi there,
  we're developing a R/3-XI-3rd Party Application scenario, where the XI/3rd Party communication is based on a webservice (SOAP adapter with SSL). Also, the messages in the XI/3rd Party communication must be digitally signed. I've got some questions on both subjects.
  1. About the SSL. I've started to investigate what will be necessary to enable the HTTPS option under SOAP Adapter (it's not enabled now). If I'm not correct, all I need to do is:
  - check whether the SAP Java Crypto Lib is installed in the Web AS;
  - generate the certificate request in the Visual Administrator and, after acquiring the certificate, store it with the KeyStorage option.
  Is that right?
  I'm considering that I won't need to use SSL in the ABAP Web AS, only the J2EE Java Engine (since the SOAP Adapter is based on J2EE).
  2. About the digital signature. As a first solution, we had decided on accessing a webservice based on another machine running a signature application. We'd send the unsigned XML and receive a signed XML. But since that needed to be done into the BPM, I thought that using a piece of Java code in a mapping would suit it better.
  But to be able to use the hashing/encrypting/encoding algorithms, which library needs to be installed? Is it the same SAP Java Crypto Lib that was installed for the SSL enabling?
  Thanks in advance!

  Hello Henrique,
  1. You're right. For detailed instructions please have a look at the online help: http://help.sap.com/nw04 - Security - Network and Transport Layer Security - Transport Layer Security on the SAP J2EE Engine
  2. The SOAP adapter supports security profiles. Please have a look at the online docu http://help.sap.com/nw04 -Process Integration - SAP Exchange Infrastructure - Runtime - Connectivty - Adapters - SOPA Adapter - Configuring the Sender SOAP adapter and from the link under Security Parameters to the Sender Agreement. You'll find some additional information in the following document: http://service.sap.com/~sapdownload/011000358700002767992005E/HowToMLSXI30_02_final.pdf
  Rgds.,
  Andreas

• Starting Server with SSL Enabled

  I want to start iplanet directory server 5.1 with SSL Enabled, but It always ask me PIN Token.
  I write slapd-test-pin.txt file as following :
  slapd-test-pin.txt
  -------begin-----------
  Token:test123456
  -------end ------------
  I put the slapd-test-pin.txt into /usr/iplanet/server/alias
  then, I restart directory server from command line.
  /usr/iplanet/servers/slapd-test/stop-slapd
  /usr/iplanet/servers/slapd-test/start-slapd
  What's wrong ?
  Thank you !!!!

  I have a similar problem. I actually do set the correct format of certidcate db password file but the server stll does not start but reports the following:
  [26/Sep/2003:17:21:11 -0400] - Sun-ONE-Directory/5.2 B2003.143.0014 (32-bit) starting up
  [26/Sep/2003:17:21:11 -0400] - ERROR<12362> - Connection - conn=-1 op=-1 msgId=-1 - PR_Bind() on address <all interfaces> port <636> failed : error -5966 (Access Denied.).
  I installed the certificate correctly. It was obtained from VeriSign with a ds 5.2 generated request.
  Any ideas?
  Thanks in advance!

• IHat : connecting to an SSL-enabled opmn notifcation server

  I'm having trouble connecting iHat to an app server
  instance, where the opmn.xml file contains
  <notification-server>
  <port local="6100" remote="6200" request="6003"/>
  <log-file path="$ORACLE_HOME/opmn/logs/ons.log" level="4" rotation-size="1500000"/>
  <ssl enabled="true" wallet-file="$ORACLE_HOME/opmn/conf/ssl.wlt/default"/>
  </notification-server>
  In the ons.log I get errors
  ... :6200 SSL handshake failed
  Has anyone had any success working around this problem?
  Thanks
  - Charles Poulsen

  Clear the cache and the cookies from sites that cause problems.
  "Clear the Cache":
  * Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
  "Remove Cookies" from sites causing problems:
  * Tools > Options > Privacy > Cookies: "Show Cookies"

• Problems in accessing an SSL enabled site through Weblogic 6.1

  Hi,
  We want to connect to an SSL enabled site (https://test.SalesForce.com) through Weblogic 6.1. We are using JDK1.3.1_08 and Apache axis.
  We have followed the appropriate steps explained in the URL -
  http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html
  As mentioned in the above link, we made the configurations in JDK 1.3.1_08 to put the jsse.jar and other important JARs in jre\lib\ext folder and also updated the java security file to add the proper "Provider".
  After that we tried to execute the test application to connect to an SSL site specified in it. It is a stand alone Java application and connects to the site and reads the bytes of the home page and displays them on the console.
  When we tried to connect the SalesForce test site, we figured out that we were able to connect to the site and were able to read entire stream of bytes.
  Then we copied the same code in a sample JSP, set the JDK1.3.1_06 as the JAVA_HOME for Weblogic6.1 and tried to connect to our test site through that JSP.
  We observed that it is connecting to the site but reading just a few initial bytes and not the entire stream.
  When we tried the same steps with Weblogic8.1 and JDK1.4.2_X, it works fine and reads the entire page with Weblogic8.1 as client.
  So, we observed that the standalone application works fine with JDK1.3.1_08, it also works fine on the the Weblogic 8.1 and JDK1.4.2_x combination, but when we use Weblogic6.1 and JDK1.3.1_08, it does not work properly.
  Is there any setup issue in Weblogic 6.1 regarding connecting to a SSL enabled site?
  Our actual problem scenario is a bit different than this, but we are sure that it is related to this situation and a solution to this problem can resolve the actual problem.
  Another question we have is do we need to configure SSL in Weblogic 6.1 and also care for installing certificates evenif Weblogic 6.1 in this case is a mere client?
  We have tried to connect to the same site using Weblogic 8.1 and JDK1.4.2_X. We did not require any kind of certicates in that case. Hence I want to clear my doubt.
  Please help.

  Hello,
  Just wondering if you ever found a solution to this problem. We are suffering just about the exact same issue, where our environment with WebLogic 6.1 SP4 cannot access an SSL enabled site, but our WebLogic 8.1 SP2 upgrade environment can. The only difference we've been able to pinpoint is that our 6.1 server connects via TLS1.0 (SSL3.1) and our 8.1 server connects via SSLv3 (SSL3.0). Does anyone know how to control which version of SSL WebLogic 6.1 uses?